Vulnerability discovered in early 2020.
After reading CVE-2019-17571, I found that there is another vulnerability under chainsaw: there is a deserialization process for socket data in the LoggingReceiver class, and the lack of verification leads to the vulnerability.
The listening port is set in the setupReceiver method on line 133 of src/main/java/org/apache/log4j/chainsaw/Main.java.
The LoggingReceiver class then processes the connection information:
In the LoggingReceiver class, the run method gets the data and wraps the mClient data in an ObjectInputStream object. Deserializing the ois object triggers the vulnerability:
Start the visualization component
Sending the payload generated by ysoserial (https://github.com/angelwhu/ysoserial) to port 4445 of the target can trigger the vulnerability.
For example, first generate the malicious data exp.ser:
After generating the data, write a Python socket client:
Running exp.py can trigger the vulnerability.
When you run the above demo, you will be prompted:
It prompts that it is waiting for a connection. At this point, sending malicious serialized data to port 4445 will trigger the vulnerability.
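The missing verification described above for the run method of LoggingReceiver can be supplied by setting a deserialization allowlist on the ObjectInputStream before anything is read from the socket. The following is an added example, not Chainsaw's code or the author's: the class names are stand-ins for the receiver's expected event type, the byte arrays are constructed in place of socket data, and it assumes Java 9 or later for ObjectInputFilter.

```java
import java.io.*;

// Added example with stand-in names; not Chainsaw's own code.
public class FilteredReceiverDemo {
    // Stand-in for the single event type the receiver expects (assumption).
    static class AllowedEvent implements Serializable {
        private static final long serialVersionUID = 1L;
        final String message;
        AllowedEvent(String message) { this.message = message; }
    }

    // Stand-in for any class the receiver has no reason to accept.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allowlist the expected type, cap graph size, reject everything else.
    static final ObjectInputFilter FILTER = ObjectInputFilter.Config.createFilter(
        "maxdepth=5;maxrefs=100;maxbytes=65536;"
        + "FilteredReceiverDemo$AllowedEvent;java.lang.String;!*");

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // What a receiver's read step would do with the client stream.
    static Object readFiltered(InputStream in) throws IOException, ClassNotFoundException {
        ObjectInputStream ois = new ObjectInputStream(in);
        ois.setObjectInputFilter(FILTER); // must be set before the first readObject()
        return ois.readObject();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs standing in for data read from the socket.
        Object ok = readFiltered(new ByteArrayInputStream(serialize(new AllowedEvent("hello"))));
        System.out.println("accepted: " + ok.getClass().getName());
        try {
            readFiltered(new ByteArrayInputStream(serialize(new Unexpected())));
        } catch (InvalidClassException e) {
            // The filter rejects the class before it is instantiated.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same filter can be applied process-wide with the `jdk.serialFilter` system property when the receiving code cannot be changed.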
This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.