# log4j-CVE-2021-44228-test
demo projects to highlight how to execute the log4j (CVE-2021-44228) vulnerability

used spring boot just to be quickly set up. you'll have to excuse all the hard coding, it was just a POC.

## Usage
Have Java 8 installed. Build using maven ```mvn clean package -DskipTests```. Run these commands in separate shell windows:
java -jar vulnerable-server/target/vulnerable-server.jar
java -jar malicious-server/target/malicious-server.jar
curl http://localhost:8880/victimLDAP
curl http://localhost:8880/victimRMI

This should execute the code in the Exploit class (which will just open up the calculator)