Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

大佬 请教下有办法取消默认的url吗?还有为啥payload会多个冒号呢? #49

Closed
NxStudy opened this issue Apr 25, 2022 · 7 comments
Closed

大佬 请教下有办法取消默认的url吗?还有为啥payload会多个冒号呢? #49

NxStudy opened this issue Apr 25, 2022 · 7 comments

Comments

@NxStudy
Copy link

NxStudy commented Apr 25, 2022

这是生成的payload %24{jndi:rmi:://ip:port/%20test}
@f0ng
Copy link
Owner

f0ng commented Apr 25, 2022

  1. 取消默认url,可以自定义dnslog记录平台,ceye或者自己建立一个,在dnslog configuration里配置
  2. payload多冒号应该是配置问题,可以贴下你的配置

@NxStudy
Copy link
Author

NxStudy commented Apr 25, 2022

image
image
Uploading image.png…

@f0ng
Copy link
Owner

f0ng commented Apr 25, 2022

感谢反馈,确实存在该缺陷,源于对isip参数的逻辑判断出问题了

@f0ng
Copy link
Owner

f0ng commented Apr 25, 2022

另发现在勾选isip框后,请求体中没有payload。0.18.7版本一并修复,感谢师傅反馈

@f0ng f0ng closed this as completed Apr 25, 2022
@NxStudy
Copy link
Author

NxStudy commented Apr 25, 2022

大佬 再反馈下,勾选isip会对$符号进行url编码。

@f0ng
Copy link
Owner

f0ng commented Apr 25, 2022

这是正常处理

@f0ng
Copy link
Owner

f0ng commented Apr 25, 2022

在被动扫描的时候payload为$,在send to scanner的时候,$会编码

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@f0ng @NxStudy