CVE-2023-25194 Kafka JNDI injection analysis

Apache Kafka Clients JNDI Injection. Vulnerability description: Apache Kafka is a distributed data stream processing platform that can publish, subscribe to, store and process data streams in real time. Kafka Connect is a tool for scalable, reliable streaming of data between Kafka and other systems. An attacker can use any Kafka client based on SASL JAAS […]

Kafka JNDI injection analysis (CVE-2023-25194)

Apache Kafka Clients JNDI Injection. Vulnerability description: Apache Kafka is a distributed data stream processing platform that can publish, subscribe to, store and process data streams in real time. Kafka Connect is a tool for scalable, reliable streaming of data between Kafka and other systems. An attacker can use any Kafka client based on SASL JAAS […]

kettle simple-jndi configuration center

jdbc.properties configuration:

    SampleData/type=javax.sql.DataSource
    SampleData/driver=org.h2.Driver
    SampleData/url=jdbc:h2:file:./samples/db/sampledb;IFEXISTS=TRUE
    SampleData/user=PENTAHO_USER
    SampleData/password=PASSWORD
    SampleDataAdmin/type=javax.sql.DataSource
    SampleDataAdmin/driver=org.h2.Driver
    SampleDataAdmin/url=jdbc:h2:file:./samples/db/sampledb;IFEXISTS=TRUE
    SampleDataAdmin/user=PENTAHO_ADMIN
    SampleDataAdmin/password=PASSWORD
    Quartz/type=javax.sql.DataSource
    Quartz/driver=org.hsqldb.jdbcDriver
    Quartz/url=jdbc:hsqldb:hsql://localhost/quartz
    Quartz/user=pentaho_user
    Quartz/password=password
    Hibernate/type=javax.sql.DataSource
    Hibernate/driver=org.hsqldb.jdbcDriver
    Hibernate/url=jdbc:hsqldb:hsql://localhost/hibernate
    Hibernate/user=hibuser
    Hibernate/password=password
    Shark/type=javax.sql.DataSource
    Shark/driver=org.hsqldb.jdbcDriver
    Shark/url=jdbc:hsqldb:hsql://localhost/shark
    shark/user=sa
    Shark/password=
    PDI_Operations_Mart/type=javax.sql.DataSource
    PDI_Operations_Mart/driver=org.postgresql.Driver
    PDI_Operations_Mart/url=jdbc:postgresql://localhost:5432/hibernate?searchpath=pentaho_operations_mart
    PDI_Operations_Mart/user=hibuser
    PDI_Operations_Mart/password=password
    #oceanbase database jndi configuration:
    # oceanbase_LOCAL localhost
    oceanbase_LOCAL/type=javax.sql.DataSource
    oceanbase_LOCAL/driver=com.alipay.oceanbase.jdbc.Driver
    oceanbase_LOCAL/url=jdbc:oceanbase://192.168.56.111:2883/oceanbase?useUnicode=true&characterEncoding=utf-8&rewriteBatchedStatements=true&allowMultiQueries=true
    oceanbase_LOCAL/user=root@tenantfish
    oceanbase_LOCAL/password=
    #DB2 database jndi configuration:
    #DB_LOCAL localhost
    DB_LOCAL/type=javax.sql.DataSource
    DB_LOCAL/driver=com.ibm.db2.jcc.DB2Driver
    […]

jndi technology, dao mode development database project, jsp instruction

JNDI technology, developing a database project in DAO mode, JSP directives. 1. Linking resources in JNDI mode. (1) Introduction to JNDI: JNDI (Java Naming and Directory Interface) is a server technology used to help our project code find resources, including text resources, jar package resources, and configuration information resources. (2) The advantages of JNDI: 1. The advantage of JNDI […]

JNDI injection + high version bypass + tool usage

Foreword: JNDI (Java Naming and Directory Interface) is the naming and directory interface provided by Java. By calling the JNDI API, a program can locate resources and other program objects. JNDI injection means controlling the parameters of the lookup function, so that the client accesses a malicious RMI or LDAP service To […]

SpringBoot dynamic data source based on annotation switching and Hikari implementation (supporting JNDI)

The desired effect: Let’s talk about the effect first. The current data source needs to be switched with method-level annotations. When the annotation is not set, the default data source is used, and JNDI sources are supported at the same time. General idea: There is an abstract class AbstractRoutingDataSource in the Spring framework, […]

Spring Boot restart logging.config logback JNDI RCE vulnerability reproduction

Disclaimer: This article is for learning and reference only. All resources involved in it are from the Internet. Please do not use them for any illegal activities, otherwise you will bear the corresponding consequences yourself, and I do not assume any legal and joint and several liabilities. Build environment. Vulnerability environment: https://github.com/LandGrey/SpringBootVulExploit/tree/master/repository/springboot-restart-rce IDEA loads the […]