Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/code-scan/log4j-rce-demo
log4j rce测试项目
https://github.com/code-scan/log4j-rce-demo
Last synced: 22 days ago
JSON representation
log4j rce测试项目
- Host: GitHub
- URL: https://github.com/code-scan/log4j-rce-demo
- Owner: code-scan
- Created: 2021-12-10T11:33:05.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2021-12-10T13:49:17.000Z (about 3 years ago)
- Last Synced: 2024-08-05T17:36:19.246Z (4 months ago)
- Language: Java
- Size: 1.98 MB
- Stars: 3
- Watchers: 1
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - code-scan/log4j-rce-demo - log4j rce测试项目 (Java)
README
# log4j-rce-demo
## log4j rce 测试项目
## 漏洞原因
log4j在输出日志的时候会经过format,其中会判断是否存在${这样的字符串,如果存在lookup中判断其协议是否是jndi,最后通过jndiManager进行调用
## 参考资料
[JNDI-Injection-Exploit](https://buaq.net/go-93577.html)
[log4j poc](https://buaq.net/go-93563.html)
[漏洞分析](https://hosch3n.github.io/2021/12/10/Log4j2%E6%BC%8F%E6%B4%9E%E6%B5%85%E6%9E%90/)
https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/README-CN.md