Spring Boot Log4j - CVE-2021-44228

December 13, 2021 less than 1 minute read

Description

The Log4Shell vulnerability (CVE-2021-44228) ultimately is a quite simple JNDI Injection flaw, but in a really really bad place. Log4J will perform a JNDI lookup() while expanding placeholders in logging messages (or indirectly as parameters for formatted messages) - readmore PSA: Log4Shell and the current state of JNDI injection.

For information and setup, let’s navigate to my github repository Spring Boot Log4j - CVE-2021-44228

References

Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package
PSA: Log4Shell and the current state of JNDI injection
Log4Shell sample vulnerable application (CVE-2021-44228)
~~JNDIExploit~~ Update (Dec 13th): The JNDIExploit repository has been removed from GitHub

Online Railway Reservation System 1.0 - ‘id’ SQL Injection (Unauthenticated)

January 7, 2022 less than 1 minute read

Information about vulnerability - Exploit Title: Online Railway Reservation System 1.0 - 'id' SQL Injection (Unauthenticated) - Date: 07/01/2022 - Exploit Au...

Online Veterinary Appointment System 1.0 - ‘Multiple’ SQL Injection

January 5, 2022 less than 1 minute read

Information about vulnerability - Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection - Date: 05/01/20222 - Exploit Author: tw...

Hospitals Patient Records Management System 1.0 - ‘id’ SQL Injection (Authenticated)

December 30, 2021 less than 1 minute read

Information about vulnerability - Exploit Title: Hospital's Patient Records Management System v1.0 - 'id' SQL Injection (Authenticated) - Date: 2021-12-30 - ...

twseptian