Log4j Injection Vulnerability: Deep Understanding of JNDI Injection and Java Deserialization Vulnerability Exploitation

Hello everyone. Some time ago, vulnerability information released on the official Log4j website caused an uproar in the industry. Presumably many programmers were like me at that time, working overtime to upgrade the system overnight.

After the incident, I began to seriously study the cause of the Log4j remote code injection vulnerability, and finally located it in JNDI injection.

I have read many feature articles, and 2 of them are very well written, which perfectly answered my question about "Log4j injection vulnerability".

Reference articles:

[Java security in the pit] Husband, what is JNDI injection? (A security researcher, CSDN blog): https://blog.csdn.net/he_and/article/details/105586691

In-depth understanding of JNDI injection and Java deserialization exploits (KINGX): https://kingx.me/Exploit-Java-Deserialization-with-RMI.html


Origin blog.csdn.net/weixin_44259720/article/details/122106848