Comments (2)
You can't find Log4shell by randomly scanning sites on the internet (well maybe you can, but you should give more thought to what you're doing for sure). The scanner must be able to find an insertion point in your base request that is vulnerable, so it can insert the payload there (see: #4 (comment)).
If you are absolutely sure that you are targeting a request that contains a vulnerable parameter, yet the plugin doesn't detect the vuln, feel free to reopen the issue with the supposedly vulnerable request and a pcap of the traffic.
from burp-log4shell.
I can confirm this, I've tested about 70 sites in the last few hours and found absolutely nothing.
Related Issues (14)
- Hard way is not that hard HOT 4
- Additional payloads for allowedLdapHost and allowedClasses bypass HOT 2
- CVE coverage HOT 1
- Payloads are not sent with the plugin HOT 10
- I suggest this plugin can add some scan rules HOT 2
- BApps: Log4Shell scanner HOT 5
- Protobuf version error HOT 1
- [Request] - Add check for unencoded URI Path HOT 7
- Fails to detect Log4Shell vulnerability HOT 16
- Running burp-log4shell.jar HOT 2
- Detecting delayed responses/timeouts? HOT 3
- Only detecting JNDI + LDAP exploit variant - other exploits of CVE are undetected HOT 3
- [Feature] Add context menu option to only scan for log4j HOT 3