fullhunt / log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
MIT License
3.4k stars 739 forks

[Bug] Conflict between --waf-bypass and --test-CVE-2021-45046 arguments #110

Closed esatormi closed 2 years ago

esatormi commented 2 years ago

--test-CVE-2021-45046 argument overwrites already set payloads:

if args.waf_bypass_payloads:
    payloads.extend(generate_waf_bypass_payloads(f'{parsed_url["host"]}.{callback_host}', random_string))

if args.cve_2021_45046:
    cprint(f"[•] Scanning for CVE-2021-45046 (Log4j v2.15.0 Patch Bypass - RCE)", "yellow")
    payloads = get_cve_2021_45046_payloads(f'{parsed_url["host"]}.{callback_host}', random_string)

Last line should be:

    payloads.extend(get_cve_2021_45046_payloads(f'{parsed_url["host"]}.{callback_host}', random_string))

mazen160 commented 2 years ago

Hi @esatormi Yes, it's intentional, since the payloads for --test-CVE-2021-45046 are different from the payloads for the original CVE-2021-44228. The --waf-bypass payloads are designed for CVE-2021-44228.