Giters

guerzon / log4shellpoc

Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

log4j2log4jproof-of-conceptjndi-exploitpenetration-testing

Simple Spring Boot application vulnerable to CVE-2021-44228 (Log4Shell)

This proof-of-concept application for CVE-2021-44228 (a.k.a log4shell) is a part of my writeup. For the complete exploit details, refer to the writeup.

Instructions

Run:

docker run --rm -p 8080:8080 --name log4shell-poc-app ghcr.io/guerzon/log4shellpoc:latest

Or build and run:

docker build . -t log4shellpoc
docker run --rm -p 8080:8080 --name log4shell-poc-app log4shellpoc

Result

Notes

Spring Boot project inspired by: https://github.com/christophetd/log4shell-vulnerable-app/

About

Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)

log4j2log4jproof-of-conceptjndi-exploitpenetration-testing

License:GNU General Public License v3.0

Languages

Language:Java 76.9%Language:Dockerfile 23.1%