This article explain the Apache Log4Shell vulnerability in plain English, and give you some simple educational code that you can use safely and easily at home (or even directly on your own servers) in order to learn more.
Just to be clear up front: article is not going to show you how to build a working exploit, or how set up the services you need in the cloud to deliver active payloads.
Instead, you will learn:
- How vulnerabilities like this end up in software.
- How the Log4Shell vulnerability works.
- The various ways it can be abused.
- How to use Apache’s suggested mitigations.
- How to test your mitigations for effectiveness.
- Where to go from here.