OK, here is the #CRS #log4j / #log4shell #WAF Bypass contest.
We don’t know of any jndi/ctx log4j payload that we don’t detect. Show us your evasions and see if you can make it into our hall of fame!
#OWASP #ModSecurity #CRS3 @CoreRuleSet CVE-2021-44228
https://t.co/etzEOhlgOA https://t.co/fPYEf4SO8w