关联漏洞
描述
Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)
介绍
# Simple Spring Boot application vulnerable to CVE-2021-44228 (Log4Shell)
This proof-of-concept application for CVE-2021-44228 (a.k.a log4shell) is a part of my [writeup](https://www.pidnull.io/2021/12/17/CVE-2021-44228-log4j2-analysis-exploit-PoC.html). For the complete exploit details, refer to the writeup.
## Instructions
Run:
```bash
docker run --rm -p 8080:8080 --name log4shell-poc-app ghcr.io/guerzon/log4shellpoc:latest
```
Or build and run:
```bash
docker build . -t log4shellpoc
docker run --rm -p 8080:8080 --name log4shell-poc-app log4shellpoc
```
### Result
## Notes
Spring Boot project inspired by: https://github.com/christophetd/log4shell-vulnerable-app/
文件快照
[4.0K] /data/pocs/915bc62e40f685f7b2416e3105ddae71361d36ab
├── [ 606] build.gradle
├── [ 416] Dockerfile
├── [4.0K] gradle
│ └── [4.0K] wrapper
│ ├── [ 58K] gradle-wrapper.jar
│ └── [ 202] gradle-wrapper.properties
├── [7.9K] gradlew
├── [2.7K] gradlew.bat
├── [ 34K] LICENSE
├── [ 715] README.md
├── [4.0K] screenshots
│ └── [820K] recording.gif
├── [ 34] settings.gradle
└── [4.0K] src
├── [4.0K] main
│ ├── [4.0K] java
│ │ └── [4.0K] io
│ │ └── [4.0K] pidnull
│ │ └── [4.0K] log4shell
│ │ └── [4.0K] log4shellpoc
│ │ ├── [ 338] Log4shellpocApplication.java
│ │ └── [ 813] URLsController.java
│ └── [4.0K] resources
│ └── [ 1] application.properties
└── [4.0K] test
└── [4.0K] java
└── [4.0K] io
└── [4.0K] pidnull
└── [4.0K] log4shell
└── [4.0K] log4shellpoc
└── [ 231] Log4shellpocApplicationTests.java
17 directories, 14 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。