DogWalk-rce-poc
log4j2-rce-poc
DogWalk-rce-poc | log4j2-rce-poc
---|---
2 | 1
81 | 3
- | -
0.0 | 4.1
over 1 year ago | over 2 years ago
Perl | Kotlin
- | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
DogWalk-rce-poc
log4j2-rce-poc
Log4J - Have your customer been breached? What have you seen if anything?
However, when using JNDI lookups, if you return properly formatted JNDI data (from a malicious server) then Java will execute that code. You can see this in PoC code: https://github.com/unlimitedsola/log4j2-rce-poc/blob/master/payload-server/src/main/kotlin/Main.kt
What are some alternatives?
PoC-CVE-2022-30190 - POC CVE-2022-30190 : CVE 0-day MS Office RCE aka msdt follina
Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
fuelcms-rce - Fuel CMS 1.4 - Remote Code Execution
CVE-2022-26134 - CVE-2022-26134 - Atlassian Confluence unauthenticated OGNL injection vulnerability (RCE).
log4shell - Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
pwn_jenkins - Notes about attacking Jenkins servers
CVE-2021-44228_scanner - Scanners for Jar files that may be vulnerable to CVE-2021-44228
Gopherus - This tool generates gopher links for exploiting SSRF and gaining RCE in various servers
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.