# log4j2漏洞原理简单学习

## 漏洞复现

### 1.新建Maven项目，导入依赖

 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 4.0.0 org.example MavenTest1 1.0-SNAPSHOT org.apache.maven.plugins maven-compiler-plugin 17 17 --add-exports=jdk.naming.rmi/com.sun.jndi.rmi.registry=ALL-UNNAMED org.apache.logging.log4j log4j-api 2.14.0 org.apache.logging.log4j log4j-core 2.14.0 11 11

 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 %d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c{1}:%L - %m%n /data/logs/dust-server ${pattern}${pattern}

## 参考

https://hackt0.github.io/2021/12/13/%E6%A0%B8%E5%BC%B9%E7%BA%A7!log4j%202%E6%BC%8F%E6%B4%9E%E5%8E%9F%E7%90%86%E5%8F%8A%E5%A4%8D%E7%8E%B0/#%E6%90%AD%E5%BB%BARMI%E6%9C%8D%E5%8A%A1%E7%AB%AF%EF%BC%8C%E5%8C%85%E5%90%AB%E9%9C%80%E8%A6%81%E6%89%A7%E8%A1%8C%E7%9A%84%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81

https://segmentfault.com/a/1190000041102850

https://segmentfault.com/q/1010000041102656