Log4j RCE — CVE-2021-44228
The vulnerability allows for unauthenticated remote code execution. Log4j 2 is an open source Java logging library developed by the Apache Foundation. Log4j 2 is widely used in many applications and is present, as a dependency, in many services. These include enterprise applications as well as numerous cloud services.
# https://www.lunasec.io/docs/blog/log4j-zero-day/
# https://gist.github.com/byt3bl33d3r/46661bc206d323e6770907d259e009b6
# https://github.com/whwlsfb/Log4j2Scan
# https://github.com/Cybereason/Logout4Shell
#apache #log4j #cve #rce
Log4Shell — Quick Guide
https://musana.net/2021/12/13/log4shell-Quick-Guide/
#log4j #waf #bypass #bugbounty
Bug Bounty Tip — Log4j Vulnerability Cheatsheet
— How It Works
— Test Environments
— Challenges & Labs (Rooms)
— Where Payloads can be Injected
— What Information can be Extracted
— How To Identify (Services & Scanners)
#log4j #cheatsheet #bugbounty
Log4jHorizon
A proof of concept for VMware Horizon instances that allows attackers to execute code as an unauthenticated user using a single HTTP request.
Research:
https://www.sprocketsecurity.com/blog/crossing-the-log4j-horizon-a-vulnerability-with-no-return
Exploit:
https://github.com/puzzlepeaches/Log4jHorizon
#log4j #vmware #horizon #rce
Log4j — WAF and Patches Bypass Tricks
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass-words
#log4j #waf #bypass #bugbounty