To be fair, the attack chain is pretty straightforward. I kinda hope all the other vulnerabilities are as easy to analyze as this one… log4j By looking at log4j’s official documents, it’s not hard to get an idea of how it basically works. To build a test environment, start a new Java project, and add … Continue reading Log4j Analysis: More JNDI Injection
This article is proudly presented by 史辛泽 of 斗象TCC; if you lift the images or code without giving credit, I advise you to behave yourself. Preface A few days ago, Orange dropped another two Microsoft Exchange attack chains in his BlackHat presentation. The two new attacks are ProxyOracle, which focuses on the Padding Oracle Attack, and ProxyShell, which exploits a Path Confusion vulnerability to achieve arbitrary file write and eventually code execution. This blog assumes readers have read Orange’s … Continue reading My Steps of Reproducing ProxyShell