タグ
- すべて
- 2ch (42)
- 3D (40)
- 8pino (4)
- ACM (5)
- AI (29)
- API (38)
- AR (10)
- AWS (9)
- ActionScript (5)
- Adobe (4)
- AgIC (5)
- Agda (3)
- Agile (4)
- Ajax (13)
- Analysis (9)
- Analytics (3)
- Android (4)
- Anonymous (4)
- Apache (13)
- App (9)
- Apple (43)
- Arduino (9)
- Auckland (3)
- Bayesian optimization (6)
- Blender (9)
- Brush (3)
- Business (54)
- C (26)
- C++ (42)
- CG (23)
- CGI (16)
- CIA (4)
- CM (7)
- CMS (4)
- CNN (4)
- CS (73)
- CSRF (4)
- CSS3 (39)
- CakePHP (13)
- CheatSheet (10)
- Chef (3)
- Chrome (19)
- ChucK (5)
- Cinder (12)
- Cocoa (3)
- Code (48)
- CoffeeScript (3)
- Compiler (6)
- D3.js (6)
- DB (22)
- DCGAN (3)
- DTM (3)
- Dash (3)
- Data Structure (4)
- Debian (3)
- Deep Learning (50)
- Design (225)
- Digital Health (4)
- DigitalSignage (31)
- Django (8)
- Document (26)
- Documentation (3)
- Download (49)
- Dreamweaver (4)
- Dropbox (3)
- ERD (3)
- Electronic (7)
- Emacs (14)
- English (162)
- Erlang (6)
- Event (58)
- Evernote (4)
- Excel (4)
- Extension (6)
- FRP (4)
- Faye (3)
- Firefox (4)
- Flash (26)
- GAN (16)
- GD (5)
- GNN (3)
- GRE (6)
- GUI (6)
- Gadget (12)
- Gauche (4)
- GitHub (19)
- Gmail (3)
- Go (17)
- Google (98)
- Google Maps (3)
- GoogleAppEngine (17)
- Grammar (5)
- Grape (3)
- Guitar (6)
- H1B (4)
- HCI (48)
- HTML (31)
- HTML5 (81)
- Hack (57)
- Hadoop (4)
- Haskell (77)
- Heroku (5)
- How to (37)
- IBM (4)
- ICPC (4)
- IRC (6)
- IT (31)
- Illustrator (3)
- Incremental (4)
- Indeed (8)
- Innovation (3)
- Intern (6)
- JS (24)
- JSON (7)
- Java (22)
- JavaScript (182)
- Keynote (4)
- Kindle (6)
- Kinect (31)
- LEGO (5)
- LaTeX (25)
- Lab (30)
- Language (61)
- Leap Motion (6)
- Lecture (29)
- LifeHack (52)
- Linux (20)
- Lisp (33)
- Logic (21)
- Logo (11)
- MCMC (3)
- MIT (25)
- MLOps (3)
- Magazine (10)
- Management (3)
- Marketing (10)
- Mathematica (3)
- Matplotlib (8)
- MeCab (3)
- Microsoft (3)
- MongoDB (10)
- Music (63)
- MySQL (8)
- NHK (4)
- NLP (11)
- Network (31)
- News (82)
- NoSQL (3)
- OAuth (9)
- OCW (5)
- OCaml (20)
- OS (8)
- OSS (7)
- Objective-C (16)
- OmniGraffle (3)
- OpenCV (17)
- OpenGL (5)
- OpenNI (11)
- P2P (6)
- PHP (38)
- PIL (3)
- PRML (4)
- PaaS (3)
- Painter (3)
- Perl (31)
- Ph.D. (17)
- Photoshop (15)
- Podcast (3)
- PostgreSQL (5)
- Processing (51)
- Programming (541)
- Prototype (5)
- Python (88)
- Q&A (5)
- Quantum (6)
- Quartz Composer (7)
- QuickCheck (5)
- QuickLook (3)
- QuickSilver (3)
- R (11)
- RNN (4)
- Rails (82)
- React Native (3)
- React.js (17)
- Ruby (75)
- Ruby on Rails (4)
- Rust (13)
- RxJS (3)
- SAGE (3)
- SAT (4)
- SEO (3)
- SF (3)
- SIGGRAPH (3)
- SML (3)
- SNS (29)
- SQL (16)
- SQL Injection (3)
- STL (3)
- SVG (7)
- SVM (3)
- Safari (3)
- Scala (12)
- Scheme (16)
- Science (126)
- Selenium (3)
- Skype (4)
- Software (144)
- Stanford (5)
- TOEFL (13)
- TOEIC (7)
- TUIO (6)
- TeX (31)
- Technology (119)
- TensorFlow (6)
- TextMate (10)
- Theano (4)
- Three.js (6)
- Tips (249)
- TopCoder (5)
- Tutorial (125)
- TypeScript (6)
- UI (63)
- URL (4)
- US (7)
- UX (7)
- Unity (3)
- Unix (13)
- VISA (4)
- VPS (3)
- Vector (4)
- Visualization (41)
- WISS (3)
- WebGL (8)
- WebKit (4)
- Webアプリ (12)
- Webサービス (113)
- Webデザイン (130)
- Webマガジン (6)
- WiFi (3)
- Wikipedia (76)
- Windows (10)
- Wireshark (5)
- XSS (8)
- Y combinator (8)
- YouTube (29)
- academic (3)
- ad (5)
- algebraic effects (8)
- algorithm (26)
- amazon (19)
- anct-ubi-lab (27)
- anct-ubi-lab-issue (5)
- architecture (6)
- archive (3)
- art (205)
- artist (4)
- atom (6)
- auth (3)
- award (3)
- bash (5)
- bds (3)
- biology (17)
- blockchain (5)
- blog (57)
- book (9)
- bootstrap (15)
- brain (3)
- brainfuck (7)
- canvas (4)
- capistrano (4)
- causal inference (3)
- chemistry (3)
- chromium (3)
- circuit (3)
- color (4)
- comedy (3)
- command (15)
- communication (14)
- community (28)
- competition (3)
- complexity (3)
- conference (9)
- container (4)
- cool (5)
- coq (8)
- crawling (3)
- crowd sourcing (5)
- css (79)
- curl (3)
- data (23)
- debug (10)
- demo (5)
- dev-issue (5)
- dev-plugin (23)
- dev-tips (23)
- devise (5)
- docker (15)
- dp (8)
- e-learning (22)
- editor (15)
- eeicIVDA (5)
- eventmachine (4)
- express (12)
- facebook (21)
- fashion (42)
- finance (7)
- font (38)
- forum (4)
- framework (24)
- functional (55)
- futsal (4)
- gallery (6)
- game (14)
- generative (7)
- git (55)
- git-flow (4)
- graduate (8)
- homebrew (8)
- hosting (9)
- htaccess (10)
- iOS (65)
- iPad (4)
- iPhone (62)
- idea (9)
- image processing (14)
- interaction (9)
- internship (8)
- interview (14)
- jQuery (59)
- lambda (15)
- library (65)
- list (7)
- log4j (4)
- log4shell (6)
- mac (116)
- machine learning (55)
- markdown (7)
- math (180)
- mixi (18)
- monad (9)
- mongoose (7)
- movie (12)
- multitouch (17)
- node.js (44)
- numpy (10)
- openFrameworks (34)
- pdf (4)
- phonetic (6)
- photo (17)
- physics (4)
- plugin (30)
- products (5)
- proxy (6)
- puma (4)
- push (5)
- puzzle (5)
- railscast (5)
- reactive (5)
- reference (99)
- research (14)
- researcher (6)
- responsive design (4)
- robot (4)
- salary (5)
- scholarship (10)
- scikit-learn (4)
- scraping (6)
- security (108)
- server (24)
- shop (10)
- soccer (9)
- socket.io (9)
- solr (12)
- source (22)
- spcamp (7)
- spdy (4)
- ssh (9)
- startup (26)
- statistics (16)
- studio (5)
- style transfer (5)
- sublime (5)
- t-SNE (7)
- test (17)
- themes (6)
- tmux (10)
- tool (132)
- trading (4)
- travel (12)
- twitter (59)
- usability (5)
- verilog (4)
- video (11)
- vim (36)
- voronoi (12)
- web (246)
- web design (9)
- web3 (7)
- websocket (9)
- wiki (19)
- zeromq (6)
- zsh (10)
- これはすごい (115)
- これはひどい (61)
- はてな (6)
- はまちちゃん (9)
- まとめ (300)
- アイデア (5)
- アメリカ (26)
- アルゴリズム (55)
- カフェ (4)
- グルメ (7)
- ゲーム (4)
- コンサル (4)
- コンテスト (37)
- サポート (5)
- タイポグラフィ (9)
- デザイン (5)
- ネタ (564)
- ビザ (4)
- プレゼン (7)
- マルコフ連鎖 (6)
- メディア (10)
- メディアアート (25)
- レンタルサーバ (6)
- 人工無脳 (10)
- 人物 (57)
- 人生 (17)
- 仕事 (35)
- 企業 (22)
- 会社 (12)
- 便利 (13)
- 健康 (23)
- 勉強 (76)
- 勉強会 (5)
- 動画 (57)
- 医学 (5)
- 哲学 (9)
- 問題集 (8)
- 国際 (8)
- 圏論 (9)
- 地震 (4)
- 場所 (4)
- 多読 (5)
- 大学 (64)
- 大学院 (24)
- 学会 (4)
- 宇宙 (4)
- 就活 (28)
- 広告 (6)
- 形態素解析 (12)
- 心理 (15)
- 心理学 (4)
- 恋愛 (4)
- 情報 (49)
- 技術 (4)
- 政治 (14)
- 教科書 (10)
- 教育 (39)
- 数学 (18)
- 文字 (7)
- 料理 (5)
- 日本 (80)
- 暗号 (5)
- 未来 (10)
- 本 (94)
- 東京 (5)
- 東大 (37)
- 株 (10)
- 検索 (38)
- 機械学習 (16)
- 正規表現 (8)
- 歴史 (9)
- 海外 (34)
- 物理 (18)
- 生活 (17)
- 画像 (21)
- 画像処理 (4)
- 留学 (22)
- 研究 (65)
- 社会 (140)
- 科学 (4)
- 競プロ (6)
- 素材 (28)
- 経済 (15)
- 統計 (8)
- 絵 (11)
- 編入 (6)
- 考え方 (138)
- 脳科学入門 (4)
- 色 (7)
- 英語 (14)
- 虚構 (11)
- 言葉 (14)
- 言語 (15)
- 記号プログラミング (10)
- 設定 (4)
- 読み物 (17)
- 論文 (51)
- 賃貸 (12)
- 資料 (12)
- 資格 (6)
- 起業 (25)
- 辞書 (8)
- 進路 (5)
- 過去問 (7)
- 量子コンピュータ (4)
- 金融 (6)
- 開発 (69)
- 高専 (10)
- ネタ (564)
- Programming (541)
- まとめ (300)
- Tips (249)
- web (246)
- Design (225)
- art (205)
- JavaScript (182)
- math (180)
- English (162)
log4jに関するTaKUMAのブックマーク (4)
-
TaKUMA 2021/12/11
- jndi
- security
- log4shell
- log4j
リンク -
-
Log4j RCE Found | Hacker News
To folks wondering what the issue is about, I'll give a short summary that I myself needed.Typically a logging library has one job to do: swallow the string as if it's some black box and spit it elsewhere as per provided configurations. Log4j though, doesn't treat strings as black boxes. It inspects its contents and checks if it contains any "variables" that need to be resolved before spitting out
-
us-16-MunozMirosh-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE
A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND Alvaro Muñoz (@pwntester) Oleksandr Mirosh Who are we • Alvaro Muñoz (@pwntester) • Principal Security Researcher, HPE Fortify • Oleksandr Mirosh • Senior QA Engineer, HPE Fortify Agenda • Introduction to JNDI • JNDI Injection • RMI Vector • Demo: EclipseLink/TopLink • CORBA Vector • LDAP Vector • LDAP Entry Poisoning • Demo
-
1
公式Twitter
- @HatenaBookmark
リリース、障害情報などのサービスのお知らせ
- @hatebu
最新の人気エントリーの配信
処理を実行中です
キーボードショートカット一覧
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
設定を変更しましたx