A new WAF bypass technique has been discovered in the context of the Log4j vulnerability. By transforming invalid Unicode characters into legitimate ones using Java string techniques like the 'upper' function, this technique can evade numerous WAFs. This bypass is credited to @EsotericSpyro.
For more insights, check out the original tweet here: https://twitter.com/Mawg0ud/status/1778786666364244004. And don’t forget to follow @Mawg0ud for more exciting updates in the world of cybersecurity.
Subscribe for the latest news: