Commit ef86a45

committed
update
1 parent ad8a792 commit ef86a45
3 files changed: +33 -5 lines changed
README.md (6 additions & 4 deletions)
@@ -10,23 +10,25 @@
1010

1111
计划定期更新,从基础到各种实战问题,打造齐全的Java安全面试题库(包含问题和详细的答案)
1212

13-
最低难度★ 最高难度★★★★★
13+
作者技术水平有限,难免有错误之处,欢迎师傅们提出ISSUE和PR
1414

15+
## 难度
1516

17+
最低难度★ 最高难度★★★★★
1618

17-
作者技术水平有限,难免有错误之处,欢迎师傅们提出ISSUE和PR
19+
个人认为安服崽需要掌握★-★★难度的问题,想进大厂或实验室至少需要全部掌握
1820

1921
## 分类
2022

21-
当前问题总数:75
23+
当前问题总数:78
2224

2325
[Java本身的安全问题 - 16个](https://github.com/4ra1n/JavaSecInterview/tree/master/java)
2426

2527
[Shiro框架相关的安全问题 - 8个](https://github.com/4ra1n/JavaSecInterview/tree/master/shiro)
2628

2729
[Fastjson组件相关的安全问题 - 12个](https://github.com/4ra1n/JavaSecInterview/tree/master/fastjson)
2830

29-
[Log4j2组件相关的安全问题 - 7个](https://github.com/4ra1n/JavaSecInterview/tree/master/log4j2)
31+
[Log4j2组件相关的安全问题 - 10个](https://github.com/4ra1n/JavaSecInterview/tree/master/log4j2)
3032

3133
[Spring框架相关的安全问题 - 16个](https://github.com/4ra1n/JavaSecInterview/tree/master/spring)
3234
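Review bot: The counts stay consistent: the total moves from 75 to 78 and the Log4j2 entry from 7 to 10, matching the three questions added to log4j2/README.md in this same commit. One wording point on the new `## 难度` section (new line 20): "安服崽" is slang for security-service staff, and a neutral term such as "安全服务人员" would read better in a README; the stated ranges (★-★★ for service roles, all levels for big-company or lab positions) are otherwise clear.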

java/README.md (1 addition & 1 deletion)
@@ -226,7 +226,7 @@ Y4er师傅提到的自定义类加载器配合RMI的一种方式
226226

227227

228228

229-
- 是否了解JDBC Connection URL攻击
229+
- 是否了解JDBC Connection URL攻击(★★★)
230230

231231
果我们可以控制`JDBC URI`就可将`JDBC`连接地址指向攻击者事先准备好的恶意服务器,这个服务器可以返回恶意的序列化数据
232232
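Review bot: The (★★★) tag added to the JDBC Connection URL question on new line 229 is consistent with the difficulty scale introduced in README.md, but while this question is being touched, the unchanged context line 231 starts with "果我们可以控制" and is missing its leading "如" ("如果", "if"); consider fixing that typo in the same commit.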

log4j2/README.md (26 additions & 0 deletions)
@@ -6,6 +6,32 @@
66

77

88

9+
- Log4j2漏洞的黑盒检测(★)
10+
11+
由于该漏洞的特性,必须要出网才可以检测,例如`dnslog`的方式
12+
13+
在内网中也可不使用`dnslog`而是自行实现伪`JDNI/LDAP`的服务端用于探测
14+
15+
16+
17+
- Log4j2漏洞的白盒检测(★)
18+
19+
检查`pom.xml``gradle`中的依赖,是否存在`log4j2-api``log4j2-core`小于`2.15.0`则存在漏洞
20+
21+
22+
23+
- Log4j2的紧急修复手段(★★)
24+
25+
在JVM参数中添加`-Dlog4j2.formatMsgNoLookups=true`
26+
27+
系统环境变量中将`LOG4J_FORMAT_MSG_NO_LOOKUPS`设置为`true`
28+
29+
创建`log4j2.component.properties`文件并增加配置`log4j2.formatMsgNoLookups=true`
30+
31+
不重启应用情况下的修复手段参考另一个问题
32+
33+
34+
935
- 知道Log4j2 2.15.0 RC1修复的绕过吗(★★★)
1036

1137
修复内容限制了协议和HOST以及类型,其中类型这个东西其实没用,协议的限制中包含了`LDAP`等于没限制。重点在于HOST的限制,只允许本地localhost和127.0.0.1等IP。但这里出现的问题是,加入了限制但没有捕获异常,如果产生异常会继续`lookup`所以如果在URL中加入一些特殊字符,例如空格,即可导致异常绕过HOSOT限制,然后`lookup`触发RCE
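Review bot: The white-box check on new line 19 names the dependencies as `log4j2-api` and `log4j2-core`, but the Maven/Gradle artifact IDs are `log4j-api` and `log4j-core` (group `org.apache.logging.log4j`); anyone grepping `pom.xml` or the Gradle build for the names as written will miss the dependency, so please correct them. Two smaller points: `JDNI/LDAP` on new line 13 should be `JNDI/LDAP`, and the rule "小于 2.15.0 则存在漏洞" sits directly above a question stating that the 2.15.0 RC1 fix can be bypassed, so the check should say which versions that bypass applies to rather than presenting 2.15.0 as the safe floor. The unchanged context line 37 also has `HOSOT` for `HOST`.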
