Exploit for Improper Input Validation in Apache Log4J

Name: Exploit for Improper Input Validation in Apache Log4J
Rating: 5 (216 reviews)

2021-12-14 | CVSS 8.8

## https://sploitus.com/exploit?id=3ACF6BFE-C853-50C6-BD49-B76794B8BA53
# Simple Spring Boot application vulnerable to CVE-2021-44228 (Log4Shell)

This proof-of-concept application for CVE-2021-44228 (a.k.a log4shell) is a part of my [writeup](https://www.pidnull.io/2021/12/17/CVE-2021-44228-log4j2-analysis-exploit-PoC.html). For the complete exploit details, refer to the writeup.

## Instructions

Run:

```bash
docker run --rm -p 8080:8080 --name log4shell-poc-app ghcr.io/guerzon/log4shellpoc:latest
```

Or build and run:

```bash
docker build . -t log4shellpoc
docker run --rm -p 8080:8080 --name log4shell-poc-app log4shellpoc
```

### Result

![](screenshots/recording.gif)

## Notes

Spring Boot project inspired by: https://github.com/christophetd/log4shell-vulnerable-app/