Channel: LiveOverflow
Category: Education
Tags: how to hackexploit tutoriallive overflowhacking tutorialliveoverflow
Description: After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass. Jazzer Java Fuzzer: github.com/CodeIntelligenceTesting/jazzer Anthony Weems: twitter.com/amlweems 00:00 - Intro 00:54 - Chapter #1: The New CVE 03:38 - Chapter #2: Disable Lookups 05:43 - Chapter #3: Vulnerable log4j Configs 07:52 - Chapter #4: The Remote Code Execution 10:53 - Chapter #5: Parser Differential 12:57 - Chapter #6: Differential Fuzzing 16:07 - Chapter #7: macOS Only 18:15 - Chapter #8: Increase Impact 19:03 - Summary 19:58 - Outro -=[ ā¤ļø Support ]=- ā per Video: patreon.com/join/liveoverflow ā per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ š Social ]=- ā Twitter: twitter.com/LiveOverflow ā Instagram: instagram.com/LiveOverflow ā Blog: liveoverflow.com ā Subreddit: reddit.com/r/LiveOverflow ā Facebook: facebook.com/LiveOverflow