|
|
|
|
|
|
by Sohcahtoa82
1647 days ago
|
|
|
Bad-intentioned people already have tools to do this. My company's website has a couple dozen entries in its logs from people testing Log4Shell. We have no way of knowing if any of these are benevolent people trying to notify companies of the vulnerability, people hoping for a beg bounty, or actual attackers. It's not hard to write a tool that scrapes Shodan.io and sends Log4Shell payloads to everything. |
|
|