Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228

Name: Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228
Rating: 5 (193 reviews)

2023-02-28 | CVSS 9.3

## https://sploitus.com/exploit?id=024D29D3-309F-5B7F-B8C9-2AF149F9A213
# PoC of log4j, CVE - 2021 - 44228

## Introduction
    In this repository you can find a reverse shell to a vulnerable website that contains log4j vulnerabilty, exactly the CVE-2021-44228.

## Case of Use
    - Install the required packages from `requierements.txt` by doing pip install -r requirements.txt
    - The java version installed in your computer must be jdk1.8.0_20. Also marshalsec-0.0.3-SNAPSHOT-all.jar, log4shell-1.0-SNAPSHOT.war are needed for         the exploit.
    - Launch a netcat in another port to get the reverse shell in it doing nc -lvnp 9001.
    - In my case I have made some proves to a vulnerable log4j server that is in a **public domain**.
### The test server is from the catalonian sanity service 13.42.103.149
### The PoC works fine. However, there are some legal issues with the machine. I don't own it but I know the owner.

# Disclaiming, this tool has been used for educational purpouses only.