fullhunt / log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
MIT License
3.4k stars, 739 forks

Server responses not getting to internal interact.sh server. #120

Open nitchimon opened 2 years ago

nitchimon commented 2 years ago

We're sending a custom DNS callback host through log4j-scan.py and we are not seeing anything being returned to the internal interact.sh server.

We cleared all internal network roadblocks, but the server being hit, known to be vulnerable, just does DNS queries.

We dug into this and discovered that the server being hit is trying to look up via DNS the beginning of the test, not the URL or IP of the callback host.

Example: DNS query on ${jnd:${upper.nsnew.test.com, or $jndi.nsnew.test.com. Basically it is looking up the beginning of the test via DNS, NOT the passed callback host.

Anyone have any ideas why this is happening? DNS resolves nsnew.test.com perfectly.

This happens if I pass the callback host as an IP, FQDN, or http://ip or http://fqdn.

Any thoughts?

Thanks.
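The mangled query names reported above (lookup fragments such as ${ and jndi showing up as DNS labels in front of the callback domain) are exactly what a defender wants to spot in resolver logs. The following is an added example, not code from the issue or from the log4j-scan project; it assumes a constructed resolver log format ("client <ip> query <name> <type>") and uses sample lines modelled on the names quoted in the report.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample resolver log lines (not from the issue); the first two
# query names mirror the ones reported in the thread.
SAMPLE_DNS_LOG = """\
2021-12-13T10:01:02Z client 10.0.0.5 query ${jnd:${upper.nsnew.test.com A
2021-12-13T10:01:03Z client 10.0.0.5 query $jndi.nsnew.test.com A
2021-12-13T10:01:04Z client 10.0.0.7 query www.example.org A
2021-12-13T10:01:05Z client 10.0.0.9 query nsnew.test.com A
"""

# Pieces of a log4j lookup string that never belong in a legitimate DNS name:
# the "${" lookup opener and the jndi/lower/upper lookup keywords.
LOOKUP_FRAGMENT = re.compile(r"\$\{|\$?jndi\b|\b(?:lower|upper)\b", re.IGNORECASE)

# Assumed log line shape: "... client <ip> query <qname> <qtype>".
LINE_RE = re.compile(r"client (\S+) query (\S+) \S+$")

@dataclass
class Hit:
    client: str    # resolver client that issued the query (likely the vulnerable host)
    qname: str     # full query name as logged
    fragment: str  # the lookup fragment that triggered the match
    suffix: str    # trailing clean labels, i.e. the callback domain being targeted

def suspicious_suffix(qname: str) -> str:
    """Return the trailing labels that are plain hostname labels; the mangled
    lookup fragments sit in front of them."""
    clean: list[str] = []
    for label in reversed(qname.split(".")):
        if re.fullmatch(r"[A-Za-z0-9-]+", label):
            clean.append(label)
        else:
            break
    return ".".join(reversed(clean))

def scan_dns_log(text: str) -> list[Hit]:
    """Flag every query whose name carries a log4j lookup fragment."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        client, qname = m.groups()
        frag = LOOKUP_FRAGMENT.search(qname)
        if frag:
            hits.append(Hit(client, qname, frag.group(0), suspicious_suffix(qname)))
    return hits
```

The suffix field lets you group hits by the callback domain the lookup was aimed at, while client tells you which internal host is evaluating lookup strings and therefore needs patching.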