please check your logs to verify the existence of the vulnerability

fullhunt / log4j-scan

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

MIT License

3.4k stars 741 forks source link

please check your logs to verify the existence of the vulnerability #98

Closed sarah026 closed 2 years ago

sarah026 commented 2 years ago

The scan says "[•] Payloads sent to all URLs. Custom DNS Callback host is provided, please check your logs to verify the existence of the vulnerability. Exiting."

What logs is it referring to here? The application itself? or the DNS server? Thanks

axel3rd commented 2 years ago

Hi,

In case of Custom DNS Callback host usage, this tool cannot (by design) request custom DNS server to check if a request has been done by a vulnerable application (contrary to interact.sh pull usage) => you have to check your DNS server manually. This is the sens if this sentence IMO (but you can check application logs too 😁).

mazen160 commented 2 years ago

As @axel3rd stated, this logs is related to the DNS logs of the custom DNS server you're using :)