Welcome to the comment section! I hope this video was useful for you. If it was, make sure to leave a like and check out other videos about real-world vulnerabilities on my channel!
I found the Log4J in my client-site (confirmed), I can extract small data via DNS Exfiltrate technique according to your video. Then I try to setup LDAP to get reverse shell, the site can contact to my LDAP but it always get stuck, and I cannot even get reverse shell or create a file in the server. What's the reason?
I just wonder if the log4j library has been used by Oracle (sic) developers in java JVM(JDK) development and has the whole Java ecosystem been compromised? Maybe? Eh? Could it?
Welcome to the comment section! I hope this video was useful for you. If it was, make sure to leave a like and check out other videos about real-world vulnerabilities on my channel!
I never miss a video. Great effort.
Very nice overview. I've consulted several resources and this one makes it very clear. Thanks.
That's wonderful to hear!
yooooooooooo I've been waiting for this
Me too, luckily this time I managd to publish it before new bypasses were found
great explanation!
That was an awesome stuff my dear friend.
it was!
Best explanation out there
Great to hear!
really great 💥💥💥💥
Amazing video! Wow great stuff I appreciate it
Thank you!
I found the Log4J in my client-site (confirmed), I can extract small data via DNS Exfiltrate technique according to your video. Then I try to setup LDAP to get reverse shell, the site can contact to my LDAP but it always get stuck, and I cannot even get reverse shell or create a file in the server. What's the reason?
keep going bro..🔥🔥
I will🔥
Really nicely explained👍
thanks!
Cool bro.
this epic 🔥
🔥
Nice. Do you have any info about the recent CVE-2021-45105? It recommends to update log4j to 2.17.0
I mentioned it in 08:11
I just wonder if the log4j library has been used by Oracle (sic) developers in java JVM(JDK) development and has the whole Java ecosystem been compromised? Maybe? Eh? Could it?
Luckily it's not that terrible
Could I ask about why my server fetch the java class and execute it?
Cause of unserialize?
or others reason?
It's a feature of JNDI to fetch the java class and execute it
Nyc Video Sir 👍
Thanks👍
Good
Log4j vulnerability creator??
Chen Zhaojun from Alibaba Cloud Security Team
I want to contact you for business purpose, any email id? , Unable to contact you on twitter
hi. Channel page > About > For business enquiries