-
Notifications
You must be signed in to change notification settings - Fork 740
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Discussion] Way to setup a vulnerable test environment #25
Comments
Install an old version of apache Solr, like 8.9.0. It's vulnerable out of the box. the install is like 4 commands in ubuntu - follow this guide: https://www.osradar.com/install-apache-solr-ubuntu-20-04/ |
I did this last night, does the job for me: https://github.com/zsolt-halo/CVE-2021-44228-Spring-Boot-Test-Service |
Thanks a lot, I had no chance with solr 8.9.0, but @zsolt-halo worked like a charm ! |
Awesome thread :) |
https://github.com/christophetd/log4shell-vulnerable-app should make it easy, just run:
... and you have a vulnerable Spring Boot application running on port 8080! |
I try 3000 IPs ,but always retrun message "Targets does not seem to be vulnerable". Is my setting wrong? |
Edit: wrong thread sorry |
Hello,
nice tool and thanks for sharing.
Is there an easy way to setup a purposely vulnerable test environment ?
I tried setting up several images from https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ that should be vulnerable (even user older than disclosure tags).
Despite the effort, I've not been able to trigger a vulnerability detection which I'd like to see for validation purposes.
Regards
The text was updated successfully, but these errors were encountered: