Background

Recently, a remote code execution vulnerability in Apache Log4j2 was disclosed. An attacker can exploit it by constructing a specially crafted request that ultimately triggers remote code execution. Because the impact of the vulnerability is so broad, all users are advised to check the relevant components promptly; analysis by the White Hat Hui Security Research Institute has confirmed that a number of popular systems on the market are affected.

Log4j is used by so much software that programmers are reportedly being called up in the middle of the night to fix it.

Vulnerability description

Apache Log4j2 is a Java-based logging tool. It is a rewrite of the Log4j framework and introduces a number of rich features. This logging framework is widely used in business system development to record log information.

In most cases, developers write error messages derived from user input to the log. An attacker can exploit this by constructing a specially crafted request that ultimately triggers remote code execution.

Vulnerability severity level: serious

Scope

Check whether the Java application uses the log4j-api and log4j-core jars. If it does, it is most likely affected.
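As an added example (not from the original post or from the scanner it describes), here is a small Python check for the scope question above: it walks a directory tree for log4j-core jars, reads the version from each jar's manifest (falling back to the file name), and reports anything below 2.16.0 that still ships the JndiLookup class. The jars it builds for the demonstration are constructed stand-ins with a manifest and one fake class entry, not real Log4j artifacts.

```python
import re
import tempfile
import zipfile
from pathlib import Path

FIXED_VERSION = (2, 16, 0)  # release the post says to upgrade to
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def parse_version(text):
    """Pull a (major, minor, patch) tuple out of a string such as '2.14.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def assess_jar(jar_path):
    """Classify one log4j-core jar as 'vulnerable', 'mitigated', 'fixed' or 'unknown'."""
    with zipfile.ZipFile(jar_path) as zf:
        names = set(zf.namelist())
        manifest = (zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
                    if "META-INF/MANIFEST.MF" in names else "")
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    ver = parse_version(m.group(1) if m else Path(jar_path).name)
    if ver is None:
        return "unknown"
    if ver >= FIXED_VERSION:
        return "fixed"
    # Older jar whose JndiLookup class was deleted (a published workaround) is 'mitigated'
    return "vulnerable" if JNDI_LOOKUP in names else "mitigated"


def scan_tree(root):
    """Walk a directory tree and assess every log4j-core jar found in it."""
    return {p.name: assess_jar(p) for p in Path(root).rglob("log4j-core-*.jar")}


def make_sample_jar(path, version, include_jndi=True):
    """Constructed stand-in for a log4j-core jar: a manifest plus one class entry."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # fake class bytes


def demo():
    """Build three constructed jars under a temporary WEB-INF/lib and scan them."""
    with tempfile.TemporaryDirectory() as d:
        lib = Path(d) / "app" / "WEB-INF" / "lib"
        lib.mkdir(parents=True)
        make_sample_jar(lib / "log4j-core-2.14.1.jar", "2.14.1")
        make_sample_jar(lib / "log4j-core-2.11.0.jar", "2.11.0", include_jndi=False)
        make_sample_jar(lib / "log4j-core-2.16.0.jar", "2.16.0")
        return scan_tree(d)
```

Point `scan_tree` at a real application directory to get the same report for deployed jars; nested jars inside war or ear files are not unpacked by this version.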

Vulnerability principle

Scanning tool – Runtime environment

The scanning tool is Python based and requires a Python environment to run.

Scanning tool – Instructions

  1. Download the tool package

    git clone https://github.com/Aronlele/log4j-scan.git

  2. Install the necessary components

    pip3 install -r requirements.txt

  3. Scan with the tool

    # Show the help text
    python log4j-scan.py -h
    # Perform a single URL scan
    python log4j-scan.py -u http://xxx.xxx.com/local
    # Perform a scan over a list of URLs
    python log4j-scan.py -l urls.txt
    # Run all tests (GET, POST, headers, etc.)
    python log4j-scan.py -u https://log4j.lab.secbot.local --run-all-tests

    Note: for other related commands, see the tool's help output.

After detection, the result is as shown in the figure:

Repair advice

If you are affected, fix it promptly!

The official fix has now been released as version 2.16.0; upgrade in time.