An Interest In:
Web News this Week
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
- March 16, 2024
- March 15, 2024
December 21, 2021 10:16 pm GMT
Original Link: https://dev.to/gamesover/log4j-exploit-pattern-detection-using-coldfusioncfml-4l17
Log4j Exploit Pattern Detection Using ColdFusionCFML
Here are my initial attempts at trying to detect Log4j exploit attempts that may make it past our WAF/service provider protections. While our WAF stopped requests from Trend Micro's Log4j Tester, obfuscated requests made it through. At time of testing, Azure wasn't blocking requests. I had to be a little careful with the script as Windows kept instantly quarantining the CFM files and prevented ColdFusion from executing the template.
Sample CFML code available at https://gist.github.com/JamoCA/6a8c612645b1b7c47eba8e317ad51d23
Original Link: https://dev.to/gamesover/log4j-exploit-pattern-detection-using-coldfusioncfml-4l17
Share this article:
Tweet
View Full Article
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To