CVE-2021-44228-PoC-log4j-bypass-words
log4j-log4shell-affected
CVE-2021-44228-PoC-log4j-bypass-words | log4j-log4shell-affected
---|---
8 | 3
924 | 53
- | -
0.0 | 0.0
over 2 years ago | over 2 years ago
Java |
- | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2021-44228-PoC-log4j-bypass-words
- Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE
  WAF is also playing whackamole given all the ways to bypass simple rules
- A Blog about detection of Log4Shell
  More specifically this section https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
- JNDI Log4j exploit bypass word filters
- LOG4J bypass words
log4j-log4shell-affected
- Known applications that use Spring Framework
  When Log4J hit, someone had the forethought to publish a list of affected applications on GITHUB.
- Given the recent Log4J exploit, what widely used linux apps should we be careful with until they are patched?
- US warns hundreds of millions of devices at risk from newly revealed software vulnerability
  That being said, I've been keeping an eye out on this Github tracker that consolidates responses from vendors so at least we can see their statements: https://github.com/authomize/log4j-log4shell-affected
What are some alternatives?
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
spring4shell - Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework
black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera - 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
log4j-shell-poc - A Proof-Of-Concept for the CVE-2021-44228 vulnerability.
pocbrowser - Scrape websites to find PoCs for CVEs
cve - Gather and update all available and newest CVEs with their PoC.
athena-nix - Athena OS Nix configuration files focused on Cybersecurity. Learn, practice and enjoy with any hacking tool!
java-reverse-tcp - JAR, Java, and JSP shells that work on Linux OS, macOS, and Windows OS.
remote-method-guesser - Java RMI Vulnerability Scanner