Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

Channel:
United States LiveOverflow
Subscribers:
920,000
Published on ● Video Link: https://www.youtube.com/watch?v=kvREvOvSWt4


Category:
Vlog
Duration: 20:19
54,652 views
2,310

After the log4shell (CVE-2021-44228) vulnerability was patched with version 2.15, another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.

Jazzer Java Fuzzer: https://github.com/CodeIntelligenceTesting/jazzer
Anthony Weems: https://twitter.com/amlweems

00:00 - Intro
00:54 - Chapter #1: The New CVE
03:38 - Chapter #2: Disable Lookups
05:43 - Chapter #3: Vulnerable log4j Configs
07:52 - Chapter #4: The Remote Code Execution
10:53 - Chapter #5: Parser Differential
12:57 - Chapter #6: Differential Fuzzing
16:07 - Chapter #7: macOS Only
18:15 - Chapter #8: Increase Impact
19:03 - Summary
19:58 - Outro

-=[ ❀️ Support ]=-

β†’ per Video: https://www.patreon.com/join/liveoverflow
β†’ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ πŸ• Social ]=-

β†’ Twitter: https://twitter.com/LiveOverflow/
β†’ Instagram: https://instagram.com/LiveOverflow/
β†’ Blog: https://liveoverflow.com/
β†’ Subreddit: https://www.reddit.com/r/LiveOverflow/
β†’ Facebook: https://www.facebook.com/LiveOverflow/



Other Videos By LiveOverflow


2022-04-20Modding is Hacking...
2022-04-16Awkward VLOG at Nullcon Berlin 2022
2022-04-10Minecraft, But It's Reverse Engineered...
2022-04-03Breaching Security of Palais des Congrès (in Minecraft) #shorts
2022-04-01I Spent 100 Days Hacking Minecraft
2022-03-24I've been Hacking for 10 Years! (Stripe CTF Speedrun)
2022-03-16Missing HTTP Security Headers - Bug Bounty Tips
2022-03-07Finding 0day in Apache APISIX During CTF (CVE-2022-24112)
2022-02-24Exploiting Java Tomcat With a Crazy JSP Web Shell - Real World CTF 2022
2022-02-12Sudo Exploit for (old) Ubuntu 20.04 LTS
2022-02-01Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
2022-01-18Debugging The Failing sudoedit Exploit | Ep.16
2022-01-11Creating The First (Failed) Sudoedit Exploit | Ep. 15
2022-01-03Learning about nss (Linux Name Service Switch) During Sudo Exploitation | Ep. 14
2021-12-24Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2
2021-12-17Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228
2021-12-14Can We Find a New Exploit Strategy? | Ep. 13
2021-12-02Authorization vs. Authentication (Google Bug Bounty)
2021-11-18Developing GDB Extension for Heap Exploitation | Ep. 12
2021-11-04How Hackers Get Into Every Device!
2021-10-26Design Flaw in Security Product - ALLES! CTF 2021


Tags:
Live Overflow
liveoverflow
hacking tutorial
how to hack
exploit tutorial