Security News > 2021 > December > Log4Shell explained – how it works, why you need to know, and how to fix it
So the value 0x00000000004D110A gives away where the program code is loaded into memory, and thus breaks the security provided by ASLR. Software should never permit untrusted users to use untrusted data to manipulate how that very data gets handled.
Simply put, the user who's supplying the data you're planning to log gets to choose not only how it's formatted, but even what it contains, and how that content is acquirde.
Giving the person at the other end a say into how to log the data they submit means not only that your logs don't always contains a faithful record of the actual data that you received, but also that they might end up containing data from elsewhere on your server that you wouldn't normally choose to save to a logfile at all.
There you have it: uncomplicated, reliable, by-designremote code execution, triggered by user-supplied data that may ironically be getting logged for auditing or security purposes.
At first glance, you might assume that you only need to consider servers with network-facing code that's written in Java, where the incoming TCP connections that service requests are handled directly by Java software and the Java runtime libraries.
We don't yet know the value of $ because that is, after all, the very data we are after.