CVE-2021-44228 PoC — Apache Log4j 代码问题漏洞

Source

https://github.com/recanavar/vuln_spring_log4j2

Associated Vulnerability

Title:Apache Log4j 代码问题漏洞 (CVE-2021-44228)
Description:Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4J 存在代码问题漏洞，攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器，当该请求被打印成日志时就会触发远程代码执行。

Description

Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228

Readme

# vuln_spring_log4j2

Vulnerable spring application for testing the log4j2 (CVE-2021-44228)

<b>Java Version:</b> 1.8  
<b>Spring Boot Version:</b> 2.4.0  
<b> Spring Core Version:</b> 5.3.1  
<b>Log4j Version:</b> 2.13.3  

<b>Burp</b>
<img src=/ss/burp.png></img>

<b>Log</b>
<img src=/ss/log.png></img>

File Snapshot


 [4.0K]  /data/pocs/0d16b5a45b0f653f0cd456f51f6097bd24d21dfd
├── [1.6K]  pom.xml
├── [ 306]  README.md
├── [4.0K]  src
│   ├── [4.0K]  main
│   │   ├── [4.0K]  java
│   │   │   └── [4.0K]  com
│   │   │       └── [4.0K]  vulnspring
│   │   │           └── [4.0K]  logging
│   │   │               ├── [ 327]  VulnerableSpringBootApp.java
│   │   │               └── [1.4K]  VulnerableSpringBootRest.java
│   │   └── [4.0K]  resources
│   │       └── [   0]  application.properties
│   └── [4.0K]  test
│       └── [4.0K]  java
│           └── [4.0K]  com
│               └── [4.0K]  vulnspring
│                   └── [4.0K]  logging
│                       └── [ 220]  VulnerableSpringBootAppTests.java
└── [4.0K]  ss
    ├── [437K]  burp.png
    └── [ 35K]  log.png

13 directories, 8 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!