Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
barbarbar
on Dec 12, 2021
|
parent
|
context
|
favorite
| on:
Log4j: Between a rock and a hard place
Do you have a source for that?
xendo
on Dec 12, 2021
[–]
https://www.veracode.com/blog/research/exploiting-jndi-injec...
barbarbar
on Dec 13, 2021
|
parent
[–]
As they mention these are custom examples where you make lookup on user supplied string. But do you have an example of that? It seems highly unlikely to do jndi lookups based on user input.
xendo
on Dec 14, 2021
|
root
|
parent
[–]
${jndi:rmi://localhost:1099/ObjectName} will do the lookup to the lookup to the RMI server for ObjectName.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
