This article is a mirror article of machine translation, please click here to jump to the original article.

Architect_Programmer_Code Agriculture Network»Architect Programming .Net/C # .NET program tests Java project log4j2 for remote code execution ...
View: 10163|Reply: 4

[Source] The .NET program tests the Java project log4j2 for a remote code execution vulnerability

[Copy link]
Posted on 2021-12-11 21:06:29 | | | |
In the past two days, it has been swiped by the "Apache Log4j2 remote code execution vulnerability" in the circle of friends, mainly because of the Java JNDI injection vulnerability in the component: when the program writes the data entered by the user into the log, the attacker constructs a special request to trigger the remote code execution vulnerability in Apache Log4j2, thereby exploiting this vulnerability to execute arbitrary code on the target server.

Scope of influence

Apache Log4j 2.x <= 2.14.1

JNDI (Java Naming and Directory Interface) is a Java naming and directory interface provided by Java. By calling JNDI's API, applications can locate resources and other program objects. JNDI is an important part of Java EE, it should be noted that it does not only include DataSource (JDBC data source), JNDI can access existing directories and services such as: JDBC, LDAP, RMI, DNS, NIS, CORBA, excerpted from Baidu Encyclopedia.

There are many articles on the Internet about how to fix vulnerabilities and screenshots of vulnerabilities, but little about how to test the project for the vulnerability.Java uses Log4j2 to test the code mainlyAs follows:


In simple terms, Log4j2 will access the following address through the RMI or LDAP protocol, and according to the content of the protocol, it may execute maliciously constructed code.

The existence of the vulnerability is almost always proven on the Internet by opening a Windows calculator, and the code is as follows:

Since Log4J2 uses RMI or LDAP protocols to access the attacker's server, and both RMI and LDAP protocols are TCP-based, we can do it directlyUsing .NET to listen on a TCP port, if a call to log4j2 to print logs accesses the .NET listening port, it proves that there may be a vulnerability, and if not, it proves secure

.NET generates very small test programs6kb, the code is as follows:

Try using the log4j component2.14.0The version is printed, and the rendering is as follows:



Try upgrading the log4j component to2.15.0version, executed again, the effect is as follows:



After upgrading the version, it is found that after calling the print log,The Java program no longer accesses the external port

Interested friends, you can refer to the following link to reproduce the vulnerability and call up the calculator.

The hyperlink login is visible.
The hyperlink login is visible.

Finally, attach the test procedure:

测试程序.rar (2.66 KB, Number of downloads: 1)





Previous:[Actual combat]. NET/C# Create an SQLite database and simply add, delete, modify
Next:CentOS system deployment nacos tutorial

Related Posts
 Landlord| Posted on 2021-12-13 13:37:35 |
After Java 8 121, the following configurations are required to reproduce the vulnerability:

 Landlord| Posted on 2021-12-19 12:10:22 |
Posted on 2021-12-20 23:09:51 |
Let's observe the operation of the boss
Posted on 2021-12-26 16:54:47 |
Come and learn again。。。。。。。
Disclaimer:
All software, programming materials or articles published by Code Farmer Network are only for learning and research purposes; The above content shall not be used for commercial or illegal purposes, otherwise, users shall bear all consequences. The information on this site comes from the Internet, and copyright disputes have nothing to do with this site. You must completely delete the above content from your computer within 24 hours of downloading. If you like the program, please support genuine software, purchase registration, and get better genuine services. If there is any infringement, please contact us by email.
Mail To:help@itsvse.com