log4j在输出日志的时候会经过format,其中会判断是否存在${这样的字符串,如果存在lookup中判断其协议是否是jndi,最后通过jndiManager进行调用
JNDI-Injection-Exploit log4j poc 漏洞分析
https://github.com/welk1n/JNDI-Injection-Exploit/blob/master/README-CN.md
-
Notifications
You must be signed in to change notification settings - Fork 3
code-scan/log4j-rce-demo
About
log4j rce测试项目
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published