关联漏洞
描述
Log4Shell (CVE-2021-44228) PoC Application
介绍
# ☕ Log4Shell PoC Application
Spring framework based web application for proof of concept for log4shell vulnerabilities
## Install & Launch
> [!Important]
> JDK 1.8(8u131 in development) is required to launch this project
Use the provided `Dockerfile` to build and run the Docker image for poc application.
```shell
docker build --tag log4shell-poc-application .
docker run -d -p 8080:8000 --name Log4shell-PoC-Application log4shell-poc-application
```
## Proof of Concept
To test for vulnerabilities in this application, you must send a GET request by inserting the payload into the `X-Api-Key header` in the `/vuln` path.
文件快照
[4.0K] /data/pocs/b10de0721c35100b0dd1ef98a9a26b0f3417c6dd
├── [ 821] build.gradle
├── [ 317] Dockerfile
├── [4.0K] gradle
│ └── [4.0K] wrapper
│ ├── [ 42K] gradle-wrapper.jar
│ └── [ 250] gradle-wrapper.properties
├── [8.5K] gradlew
├── [2.8K] gradlew.bat
├── [ 669] README.md
├── [4.0K] screenshot
│ └── [679K] poc.png
├── [ 47] settings.gradle
└── [4.0K] src
├── [4.0K] main
│ ├── [4.0K] java
│ │ └── [4.0K] com
│ │ └── [4.0K] nikitapark
│ │ └── [4.0K] log4shellpocapplication
│ │ ├── [4.0K] controller
│ │ │ ├── [ 294] HomeController.java
│ │ │ └── [ 661] VulnController.java
│ │ └── [ 436] Log4ShellPoCApplication.java
│ └── [4.0K] resources
│ ├── [ 66] application.properties
│ ├── [ 485] log4j2.fxml
│ └── [4.0K] templates
│ └── [1.7K] index.html
└── [4.0K] test
└── [4.0K] java
└── [4.0K] com
└── [4.0K] nikitapark
└── [4.0K] log4shellpocapplication
└── [ 245] Log4ShellPoCApplicationTests.java
17 directories, 16 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。