├── .gitignore
├── .idea
├── .gitignore
├── compiler.xml
├── jarRepositories.xml
├── misc.xml
├── vcs.xml
└── workspace.xml
├── README.md
├── pom.xml
└── src
└── main
├── java
└── HelloLog.java
└── resources
└── log4j2.xml
/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | target/
3 | pom.xml.tag
4 | pom.xml.releaseBackup
5 | pom.xml.versionsBackup
6 | pom.xml.next
7 | release.properties
8 | dependency-reduced-pom.xml
9 | buildNumber.properties
10 | .mvn/timing.properties
11 | # https://github.com/takari/maven-wrapper#usage-without-binary-jar
12 | .mvn/wrapper/maven-wrapper.jar
13 |
--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | # /workspace.xml
4 |
--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
--------------------------------------------------------------------------------
/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/.idea/workspace.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 | 1639598566887
57 |
58 |
59 | 1639598566887
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 | file://$PROJECT_DIR$/src/main/java/HelloLog.java
68 | 11
69 |
70 |
71 |
72 |
73 |
74 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # log4j CVE-2021-44228
2 | Lame useless repo to look into log4j CVE-2021-44228.
3 |
4 | ## Setup
5 |
6 | The repository contains a `.idea/` folder which is a [IntelliJ IDEA](https://www.jetbrains.com/idea/download/) project file. The IDE can be used to easily run and debug the `log4j` functionality.
7 |
8 | ## Videos
9 |
10 | * Part 1: https://www.youtube.com/watch?v=w2F67LbEtnk
11 | * Part 2: https://www.youtube.com/watch?v=iI9Dz3zN4d8
12 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
2 |
5 | 4.0.0
6 |
7 | org.example
8 | log4shell
9 | 1.0-SNAPSHOT
10 |
11 |
12 | org.apache.logging.log4j
13 | log4j-api
14 | 2.14.1
15 |
16 |
17 | org.apache.logging.log4j
18 | log4j-core
19 | 2.14.1
20 |
21 |
22 |
23 |
24 | 13
25 | 13
26 |
27 |
28 |
--------------------------------------------------------------------------------
/src/main/java/HelloLog.java:
--------------------------------------------------------------------------------
1 | import org.apache.logging.log4j.LogManager;
2 | import org.apache.logging.log4j.Logger;
3 | import org.apache.logging.log4j.Level;
4 | public class HelloLog {
5 |
6 | private static final Logger logger = LogManager.getLogger();
7 |
8 | public static void main(String[] args) {
9 | String userInput = "${jndi:http://localhost/AAAA/BBBB}";
10 |
11 | // passing user input into the logger
12 | logger.info("Test: "+userInput);
13 |
14 | // %m{nolookups} has no effect for the following line
15 | // logger.printf(Level.INFO,"Test: %s", userInput);
16 | }
17 | }
18 |
19 |
--------------------------------------------------------------------------------
/src/main/resources/log4j2.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------