First, sorry. I cannot think of any better subject.
We're using this Apache log format:
grep -rni LogFormat /etc/apache2/* | grep common
apache2.conf:208:LogFormat "%h %l %u %t \"%r\" %>s %O" common
And parsing it with this Python code:
import apache_log_parser
# rawData holds one line of the access log.
# Try the combined format first, then fall back to the common format.
combine_parser = apache_log_parser.make_parser("%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"")
common_parser = apache_log_parser.make_parser("%h %l %u %t \"%r\" %>s %O")
try:
    dataset = combine_parser(rawData)
except Exception:
    dataset = common_parser(rawData)
During some penetration tests on our systems, we got this Apache log line:
1.2.3.4 - - [20/Nov/2018:16:17:59 +0100] "GET //${%23w%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse').getWriter(),%23w.print('Nessus%20Response:%20'),%23w.println('struts_2_3_14_3_command_execution-2092796018'),%23w.flush(),%23w.close()}.action HTTP/1.1" 404 698
which returns the error message
ValueError: invalid literal for int() with base 10: "%20'),%23w.println('struts_2_3_14_3_command_execution-2092796018'),%23w.flush(),%23w.close()}.action"
It looks like we need to escape some characters in this string? But which one?
It looks like it gets misinterpreted at the : character.
Escaping with escaped = rawData.translate(str.maketrans({":": r"\:"})) doesn't work. Any ideas?
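An added example, not the poster's code and not apache_log_parser's own implementation: a parser for the `common` LogFormat above that keeps the client-controlled request line opaque, so a scanner probe cannot crash log ingestion. It assumes the ValueError in the post comes from the request target being handed to a URL parser, where a leading `//` is read as an authority and the text after the last `:` as a port; `COMMON_RE`, `naive_port`, `parse_common` and `SAMPLE` are names chosen here.

```python
import re
from urllib.parse import urlsplit

# The page's "common" LogFormat: %h %l %u %t "%r" %>s %O
COMMON_RE = re.compile(
    r'^(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*)" (?P<status>\d{3}) (?P<bytes_out>\d+)$'
)

def naive_port(target):
    """Assumed failure mode: urlsplit() treats a leading '//' as an authority."""
    return urlsplit(target).port  # ValueError if the text after ':' is not numeric

def parse_common(line):
    """Parse one access-log line without interpreting the request target as a URL."""
    m = COMMON_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # caller can count or quarantine lines that do not match
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes_out"] = int(rec["bytes_out"])
    parts = rec["request"].split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        rec["method"], target, rec["protocol"] = parts
        # Split path and query by hand; the target is never URL-parsed,
        # so '//' and ':' inside it carry no special meaning here.
        rec["path"], _, rec["query"] = target.partition("?")
    else:
        # Malformed request line: keep the raw string, leave the parts unset.
        rec["method"] = rec["protocol"] = rec["path"] = rec["query"] = None
    return rec

# Constructed sample, shortened from the shape of the log line in the post.
SAMPLE = ("1.2.3.4 - - [20/Nov/2018:16:17:59 +0100] "
          "\"GET //${x.print('Nessus%20Response:%20')}.action HTTP/1.1\" 404 698")

if __name__ == "__main__":
    rec = parse_common(SAMPLE)
    print(rec["status"], rec["bytes_out"], rec["path"])
    try:
        naive_port(rec["path"])
    except ValueError as exc:
        print("urlsplit().port failed:", exc)
```

Escaping `:` in the raw line does not help under that assumption, because the trigger is the `//` prefix of the request target rather than the colon itself.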