Skip to content

Latest commit

 

History

History
37 lines (28 loc) · 1.49 KB

FAQ.md

File metadata and controls

37 lines (28 loc) · 1.49 KB
Raw

延伸用法

  1. 搭配log4j2burpscanner探测内网的Log4j(CVE-2021-44228)漏洞,参考文章https://mp.weixin.qq.com/s/NJ3gocQ_LojYlJk_0yWm6A

联动log4j2burpscanner

配置如下:

10.211.x.x:9999/%20{HOSTURI}【ip改为内网ip】
http://10.211.x.x:65535/resp?token=f0ng&words={HOSTURI}【ip改为内网ip、token为生成的或者自定义的】

必须设置{HOSTURI},这是定位到漏洞点的参数

必须设置{HOSTURI},这是定位到漏洞点的参数

必须设置{HOSTURI},这是定位到漏洞点的参数

image

启动环境,Log4_demo-0.0.1-SNAPSHOT.jar

java -jar Log4_demo-0.0.1-SNAPSHOT.jar

漏洞数据包

GET /cvetext?cmd=1 HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close

在数据包右键send to passive scan即可看到结果

image