3
log4j复现 | Sn1pEr's blog
source link: https://sn1per-ssd.github.io/2022/01/03/log4j%E5%A4%8D%E7%8E%B0/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
log4j复现
阅读数:1次
字数统计: 131字
| 阅读时长≈ 1分
复现其实刚出没几天就复现完了(payload到处飞,好几天了都),但主要是漏洞原理一直没怎么搞明白,现在简单记录一下。
jdk 1.8_102(和fastjson一样,这样能让ldap和rmi都能用)
log4j的jar包的下载地址:https://github.com/apache/logging-log4j2/releases/tag/rel/2.14.0(我也忘了我是哪里下载的了,apache官网里的低版本好像被删了,给的链接为github的源码,用mvn打包一下即可用(大概吧))
扫一扫,分享到微信
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK