Y

YouLibs

Remove Touch Overlay

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

Duration: 20:19Views: 47.1KLikes: 2.1KDate Created: Feb, 2022

Channel: LiveOverflow

Category: Education

Tags: how to hackexploit tutoriallive overflowhacking tutorialliveoverflow

Description: After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass. Jazzer Java Fuzzer: github.com/CodeIntelligenceTesting/jazzer Anthony Weems: twitter.com/amlweems 00:00 - Intro 00:54 - Chapter #1: The New CVE 03:38 - Chapter #2: Disable Lookups 05:43 - Chapter #3: Vulnerable log4j Configs 07:52 - Chapter #4: The Remote Code Execution 10:53 - Chapter #5: Parser Differential 12:57 - Chapter #6: Differential Fuzzing 16:07 - Chapter #7: macOS Only 18:15 - Chapter #8: Increase Impact 19:03 - Summary 19:58 - Outro -=[ ā¤ļø Support ]=- → per Video: patreon.com/join/liveoverflow → per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ šŸ• Social ]=- → Twitter: twitter.com/LiveOverflow → Instagram: instagram.com/LiveOverflow → Blog: liveoverflow.com → Subreddit: reddit.com/r/LiveOverflow → Facebook: facebook.com/LiveOverflow

Swipe Gestures On Overlay