CVE-2021-44228-PoC-log4j-bypass-words
log4j-shell-poc
| | CVE-2021-44228-PoC-log4j-bypass-words | log4j-shell-poc |
|---|---|---|
| | 8 | 2 |
| Stars | 924 | 1,718 |
| Growth | - | - |
| Activity | 0.0 | 0.0 |
| | over 2 years ago | 3 months ago |
| Language | Java | Python |
| License | - | MIT License |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
CVE-2021-44228-PoC-log4j-bypass-words
- Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaSec - v2.15 of Log4j has an RCE
  WAF is also playing whack-a-mole given all the ways to bypass simple rules
- A Blog about detection of Log4Shell
  More specifically this section https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
- 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches
- JNDI Log4j exploit bypass word filters
- LOG4J bypass words
log4j-shell-poc
- log4j shell poc with User-Agent payload
  https://github.com/kozmer/log4j-shell-poc/blob/main/vulnerable-application/src/main/java/com/example/log4shell/LoginServlet.java line 31
What are some alternatives?
PayloadsAllTheThings - A list of useful payloads and bypass for Web Application Security and Pentest/CTF
L4sh - Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.
black-hat-rust - Applied offensive security with Rust - https://kerkour.com/black-hat-rust
log4jpwn - log4j rce test environment and poc
CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera - 🎩 🤟🏻 [P1-$10,000] Google Chrome, Microsoft Edge and Opera - vulnerability reported by Maciej Pulikowski - System environment variables leak - CVE-2022-0337
py4jshell - Simulating Log4j Remote Code Execution (RCE) vulnerability in a flask web server using python's logging library with custom formatter that simulates lookup substitution by executing remote exploit code.
log4j-log4shell-affected - Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
log4j-finder - Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
LAZYPARIAH - A tool for generating reverse shell payloads on the fly.
awesome-list-of-secrets-in-environment-variables - 🦄🔒 Awesome list of secrets in environment variables 🖥️
pocbrowser - Scrape websites to find PoCs for CVEs
cve - Gather and update all available and newest CVEs with their PoC.