这个仓库用来重现一些bug

1. 复现log4j2 远程代码执行bug

1.1 复现步骤

先启动 java com.dyz.log4j.bug.back.hacker.Client
然后启动 java com.dyz.log4j.bug.back.server.BusinessServer
说明(tree /f)
com.dyz.log4j.bug.back.hacker 包下用来模拟黑客攻击
com.dyz.log4j.bug.back.server 包下用来模拟业务服务器(被攻击)

├─hacker --模拟黑客
│     │ Client.java -- 黑客的攻击服务
│     │
│     └─logic
│          Attack.java -- 黑客的攻击逻辑
│
└─server --模拟业务服务器
                 BusinessServer.java

1.3 参考链接
https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
https://logging.apache.org/log4j/2.x/manual/lookups.html

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
log4j-bug		log4j-bug
.gitignore		.gitignore
README.MD		README.MD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

log4j-bug

log4j-bug

.gitignore

.gitignore

README.MD

README.MD

Repository files navigation

这个仓库用来重现一些bug

1. 复现log4j2 远程代码执行bug

About

Releases

Packages

Languages

1092682749/bug-back

Folders and files

Latest commit

History

Repository files navigation

这个仓库用来重现一些bug

1. 复现log4j2 远程代码执行bug

About

Resources

Stars

Watchers

Forks

Languages