CVE-2021-45105

This repository contains a functional proof-of-concept for CVE-2021-45105, a Log4j2 denial-of-service vulnerability triggered by recursive lookup patterns. The PoC demonstrates the exploit via a Spring Boot application that logs malicious input, causing an infinite loop in Log4j's property interpolation.

This is a functional proof-of-concept exploit for CVE-2021-45105, a denial-of-service (DoS) vulnerability in Apache Log4j2. The script crafts a malicious payload to trigger excessive recursion in Log4j2's lookup patterns, causing high CPU usage and potential service disruption.

This repository contains a Go-based tool for discovering and remediating the Log4Shell vulnerability (CVE-2021-45105) by scanning for and removing the 'JndiLookup.class' file from '.ear', '.jar', and '.war' files. It includes functionality to scan the filesystem and automatically patch vulnerable files.

This repository contains a Spring Boot application demonstrating CVE-2021-45105, a DoS vulnerability in Log4j2 versions 2.0-beta9 to 2.16.0. The exploit triggers an infinite loop in property interpolation via crafted HTTP headers or POST data.

This repository contains a working PoC for CVE-2021-45105, demonstrating a SpEL injection vulnerability in Spring Cloud Function. The exploit leverages malformed SpEL expressions in HTTP headers to trigger remote code execution.

This repository contains a Spring Boot application demonstrating CVE-2021-45105, a DoS vulnerability in Log4j2 due to infinite recursion in lookup patterns. The PoC includes endpoints that trigger the vulnerability via crafted headers or JSON payloads.

This repository provides a functional proof-of-concept for CVE-2021-44228 (Log4Shell) and CVE-2021-45105, demonstrating RCE via JNDI injection and DoS via recursive lookup. It includes detailed setup instructions, exploitation steps, and validation of the attack.