CrackerCat/Log4j2DoS

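Log4j2 DoS Env

This vulnerable environment is for security research only. Illegal use is prohibited, and the user is responsible for any consequences.

Case 1

Configuration in log4j2.xml: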

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="MyApp" packages="">
    <appenders>
        <console name="STDOUT" target="SYSTEM_OUT">
            <PatternLayout pattern="%msg{lookups}%n"/>
        </console>
    </appenders>
    <Loggers>
        <Root level="info">
            <AppenderRef ref="STDOUT"/>
        </Root>
    </Loggers>
</Configuration>

In this case the vulnerable URL is: localhost:8080/test?message=payload

Case 2

Configuration in log4j2.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="warn" name="MyApp" packages="">
    <appenders>
        <console name="STDOUT" target="SYSTEM_OUT">
            <PatternLayout>
                <pattern>%d %p %c{1.} [%t] $${ctx:loginId} %m%n</pattern>
            </PatternLayout>
        </console>
    </appenders>
    <Loggers>
        <Root level="info">
            <AppenderRef ref="STDOUT"/>
        </Root>
    </Loggers>
</Configuration>

In this case the vulnerable URL is: localhost:8080/cve?userId=payload
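
To check a deployment's own log4j2.xml for the two layout patterns shown above, the following added example (not part of this repository) flags a `{lookups}` option on the message converter and `${ctx:...}` lookups inside a PatternLayout, and proposes a replacement pattern. The function names and finding labels are assumptions made for the example; the two sample layouts are copied from this page into trimmed configurations.

```python
import re
import xml.etree.ElementTree as ET

# %m / %msg / %message carrying the {lookups} option ({nolookups} is not matched).
MSG_LOOKUPS = re.compile(r"%[-.\d]*(?:message|msg|m)\{[^}]*\blookups\b[^}]*\}")
# ${ctx:key} or $${ctx:key}: a Thread Context value resolved through a lookup.
CTX_LOOKUP = re.compile(r"\$?\$\{ctx:([^}]*)\}")

# The two PatternLayout elements from this page, in trimmed configurations.
CASE_1 = """<Configuration><appenders><console name="STDOUT">
  <PatternLayout pattern="%msg{lookups}%n"/>
</console></appenders></Configuration>"""
CASE_2 = """<Configuration><appenders><console name="STDOUT">
  <PatternLayout><pattern>%d %p %c{1.} [%t] $${ctx:loginId} %m%n</pattern></PatternLayout>
</console></appenders></Configuration>"""


def layout_patterns(xml_text):
    """Yield each PatternLayout pattern, given as attribute or child element."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    for elem in root.iter():
        if elem.tag.lower() != "patternlayout":  # Log4j2 ignores element case
            continue
        for key, value in elem.attrib.items():
            if key.lower() == "pattern":
                yield value
        for child in elem:
            if child.tag.lower() == "pattern" and child.text:
                yield child.text.strip()


def audit(xml_text):
    """Return (finding, suggested_pattern) pairs for risky layout patterns."""
    findings = []
    for pattern in layout_patterns(xml_text):
        if MSG_LOOKUPS.search(pattern):
            # Remove the option that opts message text into lookup expansion.
            findings.append(("message-lookups", MSG_LOOKUPS.sub("%msg", pattern)))
        if CTX_LOOKUP.search(pattern):
            # %X{key} prints the Thread Context value without resolving it.
            findings.append(("context-lookup", CTX_LOOKUP.sub(r"%X{\1}", pattern)))
    return findings


if __name__ == "__main__":
    for name, cfg in (("case 1", CASE_1), ("case 2", CASE_2)):
        print(name, audit(cfg))
```

Changing the layout removes only this configuration-level exposure; upgrading the Log4j2 library itself is still required.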
