> proof-of-concept (PoC) code has evidently been available since March of 2021
This Github repo was for an older vulnerability[1] (CVE-2019-17571).
> monitor web application logs for evidence of attempts to execute methods from remote codebases (i.e. looking for jndi:ldap strings)
As the templates are interpreted recursively, the payload can easily be obfuscated, e.g. using "${${lower:j}${lower:n}..."[2]. I saw e.g. binaryedge's scanner already use that trick.
Here you go:
- The stabilized frames out of blender (with 4 blurry frames in a separate folder): https://breaking.systems/plate_frames_sorted.zip
- The original video in case you'd like to improve the stabilization as well: https://breaking.systems/plate_vid_orig.mp4
Would love to hear back in case you'll tackle it!