CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE

[hh-hunter]

Hi @magl0, #219 is complete, it was originally published as an authentication bypass but on 6 November details of a vulnerability exploit for RCE appeared, this vulnerability is more impactful and can gain access to the server, please check it out. Thanks!

I have completed the detection of the plug-in, but there are one issues that need to be explained to you
-When I use the crawler, the data in the post form is always empty. Can you fix this problem for me?

I have provided two environments for testing.

The first step is to clone my vulnerability environment warehouse to the local

git clone github.com/hh-hunter/log4j-docker
cd log4j-docker

Vulnerable image:

docker-compose -f docker-compose-vulnerability.yml up

Safe image:

docker-compose -f docker-compose-no-vulnerabilities.yaml up

The exposed web service port is 8080.

[magl0]

Hi @hh-hunter, please hold on making further changes in this PR. There are some Google internal effort on this detector as well and we would like to merge the work. And we plan to make the existing crawling results visible to all vulnerability detectors so that you don't need to implement a crawler on your own.

[hh-hunter]

Okay, could you please follow up on my latest comment in #219 ?

[hh-hunter]

@magl0 I have received an email about this pr, can I go on to review my other plugin (#189 #220 #217 #198) now?