├── .gitignore
├── .idea
    ├── .gitignore
    ├── compiler.xml
    ├── jarRepositories.xml
    ├── misc.xml
    ├── vcs.xml
    └── workspace.xml
├── README.md
├── pom.xml
└── src
    └── main
        ├── java
            └── HelloLog.java
        └── resources
            └── log4j2.xml


/.gitignore:
--------------------------------------------------------------------------------
 1 | .DS_Store
 2 | target/
 3 | pom.xml.tag
 4 | pom.xml.releaseBackup
 5 | pom.xml.versionsBackup
 6 | pom.xml.next
 7 | release.properties
 8 | dependency-reduced-pom.xml
 9 | buildNumber.properties
10 | .mvn/timing.properties
11 | # https://github.com/takari/maven-wrapper#usage-without-binary-jar
12 | .mvn/wrapper/maven-wrapper.jar
13 | 


--------------------------------------------------------------------------------
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | # /workspace.xml
4 | 


--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="CompilerConfiguration">
 4 |     <annotationProcessing>
 5 |       <profile name="Maven default annotation processors profile" enabled="true">
 6 |         <sourceOutputDir name="target/generated-sources/annotations" />
 7 |         <sourceTestOutputDir name="target/generated-test-sources/test-annotations" />
 8 |         <outputRelativeToContentRoot value="true" />
 9 |         <module name="log4shell" />
10 |       </profile>
11 |     </annotationProcessing>
12 |   </component>
13 | </project>


--------------------------------------------------------------------------------
/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="RemoteRepositoriesConfiguration">
 4 |     <remote-repository>
 5 |       <option name="id" value="central" />
 6 |       <option name="name" value="Central Repository" />
 7 |       <option name="url" value="https://repo.maven.apache.org/maven2" />
 8 |     </remote-repository>
 9 |     <remote-repository>
10 |       <option name="id" value="central" />
11 |       <option name="name" value="Maven Central repository" />
12 |       <option name="url" value="https://repo1.maven.org/maven2" />
13 |     </remote-repository>
14 |     <remote-repository>
15 |       <option name="id" value="jboss.community" />
16 |       <option name="name" value="JBoss Community repository" />
17 |       <option name="url" value="https://repository.jboss.org/nexus/content/repositories/public/" />
18 |     </remote-repository>
19 |   </component>
20 | </project>


--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="ExternalStorageConfigurationManager" enabled="true" />
 4 |   <component name="MavenProjectsManager">
 5 |     <option name="originalFiles">
 6 |       <list>
 7 |         <option value="$PROJECT_DIR$/pom.xml" />
 8 |       </list>
 9 |     </option>
10 |   </component>
11 |   <component name="ProjectRootManager" version="2" languageLevel="JDK_13" default="true" project-jdk-name="13" project-jdk-type="JavaSDK" />
12 | </project>


--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8"?>
2 | <project version="4">
3 |   <component name="VcsDirectoryMappings">
4 |     <mapping directory="" vcs="Git" />
5 |   </component>
6 | </project>


--------------------------------------------------------------------------------
/.idea/workspace.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project version="4">
 3 |   <component name="AutoImportSettings">
 4 |     <option name="autoReloadType" value="SELECTIVE" />
 5 |   </component>
 6 |   <component name="ChangeListManager">
 7 |     <list default="true" id="f95c0806-b807-4cd4-a4a8-9c6f1183e860" name="Changes" comment="">
 8 |       <change beforePath="$PROJECT_DIR$/.idea/.gitignore" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/.gitignore" afterDir="false" />
 9 |     </list>
10 |     <option name="SHOW_DIALOG" value="false" />
11 |     <option name="HIGHLIGHT_CONFLICTS" value="true" />
12 |     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
13 |     <option name="LAST_RESOLUTION" value="IGNORE" />
14 |   </component>
15 |   <component name="Git.Settings">
16 |     <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
17 |   </component>
18 |   <component name="MarkdownSettingsMigration">
19 |     <option name="stateVersion" value="1" />
20 |   </component>
21 |   <component name="MavenImportPreferences">
22 |     <option name="generalSettings">
23 |       <MavenGeneralSettings>
24 |         <option name="useMavenConfig" value="true" />
25 |       </MavenGeneralSettings>
26 |     </option>
27 |   </component>
28 |   <component name="ProjectId" id="22KuODdNRgkj2jXzN4AuuJcGzz8" />
29 |   <component name="ProjectViewState">
30 |     <option name="hideEmptyMiddlePackages" value="true" />
31 |     <option name="showLibraryContents" value="true" />
32 |   </component>
33 |   <component name="PropertiesComponent">
34 |     <property name="ASKED_SHARE_PROJECT_CONFIGURATION_FILES" value="true" />
35 |     <property name="RunOnceActivity.OpenProjectViewOnStart" value="true" />
36 |     <property name="RunOnceActivity.ShowReadmeOnStart" value="true" />
37 |   </component>
38 |   <component name="RunManager">
39 |     <configuration name="HelloLog" type="Application" factoryName="Application" temporary="true" nameIsGenerated="true">
40 |       <option name="MAIN_CLASS_NAME" value="HelloLog" />
41 |       <module name="log4shell" />
42 |       <method v="2">
43 |         <option name="Make" enabled="true" />
44 |       </method>
45 |     </configuration>
46 |     <recent_temporary>
47 |       <list>
48 |         <item itemvalue="Application.HelloLog" />
49 |       </list>
50 |     </recent_temporary>
51 |   </component>
52 |   <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
53 |   <component name="TaskManager">
54 |     <task active="true" id="Default" summary="Default task">
55 |       <changelist id="f95c0806-b807-4cd4-a4a8-9c6f1183e860" name="Changes" comment="" />
56 |       <created>1639598566887</created>
57 |       <option name="number" value="Default" />
58 |       <option name="presentableId" value="Default" />
59 |       <updated>1639598566887</updated>
60 |     </task>
61 |     <servers />
62 |   </component>
63 |   <component name="XDebuggerManager">
64 |     <breakpoint-manager>
65 |       <breakpoints>
66 |         <line-breakpoint enabled="true" type="java-line">
67 |           <url>file://$PROJECT_DIR$/src/main/java/HelloLog.java</url>
68 |           <line>11</line>
69 |           <option name="timeStamp" value="2" />
70 |         </line-breakpoint>
71 |       </breakpoints>
72 |     </breakpoint-manager>
73 |   </component>
74 | </project>


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # log4j CVE-2021-44228
 2 | Lame useless repo to look into log4j CVE-2021-44228.
 3 | 
 4 | ## Setup
 5 | 
 6 | The repository contains a `.idea/` folder which is a [IntelliJ IDEA](https://www.jetbrains.com/idea/download/) project file. The IDE can be used to easily run and debug the `log4j` functionality.
 7 | 
 8 | ## Videos
 9 | 
10 | * Part 1: https://www.youtube.com/watch?v=w2F67LbEtnk
11 | * Part 2: https://www.youtube.com/watch?v=iI9Dz3zN4d8
12 | 


--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <project xmlns="http://maven.apache.org/POM/4.0.0"
 3 |          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4 |          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 5 |     <modelVersion>4.0.0</modelVersion>
 6 | 
 7 |     <groupId>org.example</groupId>
 8 |     <artifactId>log4shell</artifactId>
 9 |     <version>1.0-SNAPSHOT</version>
10 |     <dependencies>
11 |         <dependency>
12 |             <groupId>org.apache.logging.log4j</groupId>
13 |             <artifactId>log4j-api</artifactId>
14 |             <version>2.14.1</version>
15 |         </dependency>
16 |         <dependency>
17 |             <groupId>org.apache.logging.log4j</groupId>
18 |             <artifactId>log4j-core</artifactId>
19 |             <version>2.14.1</version>
20 |         </dependency>
21 |     </dependencies>
22 | 
23 |     <properties>
24 |         <maven.compiler.source>13</maven.compiler.source>
25 |         <maven.compiler.target>13</maven.compiler.target>
26 |     </properties>
27 | 
28 | </project>


--------------------------------------------------------------------------------
/src/main/java/HelloLog.java:
--------------------------------------------------------------------------------
 1 | import org.apache.logging.log4j.LogManager;
 2 | import org.apache.logging.log4j.Logger;
 3 | import org.apache.logging.log4j.Level;
 4 | public class HelloLog {
 5 | 
 6 |     private static final Logger logger = LogManager.getLogger();
 7 | 
 8 |     public static void main(String[] args) {
 9 |         String userInput = "${jndi:http://localhost/AAAA/BBBB}";
10 | 
11 |         // passing user input into the logger
12 |         logger.info("Test: "+userInput);
13 | 
14 |         // %m{nolookups} has no effect for the following line
15 |         // logger.printf(Level.INFO,"Test: %s", userInput);
16 |     }
17 | }
18 | 
19 | 


--------------------------------------------------------------------------------
/src/main/resources/log4j2.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <Configuration status="WARN">
 3 |     <Appenders>
 4 |         <Console name="Console" target="SYSTEM_OUT">
 5 |             <!--
 6 |             <PatternLayout pattern="[%t] %m{nolookups} %n"/>
 7 |             -->
 8 |             <PatternLayout pattern="[%t] %m %n"/>
 9 |         </Console>
10 |     </Appenders>
11 |     <Loggers>
12 |         <Root level="info">
13 |             <AppenderRef ref="Console"/>
14 |         </Root>
15 |     </Loggers>
16 | </Configuration>


--------------------------------------------------------------------------------