关联漏洞
描述
An intentionally vulnerable webapp to get your hands dirty with CVE-2022-42889.
介绍
# Commons-Text Goat
This is a webapp that is intentionally vulnerable to [CVE-2022-42889](https://nvd.nist.gov/vuln/detail/CVE-2022-42889).
It uses an embedded Jetty server and Maven to start a servlet listening at port `8080` at URL `\api`. This endpoint accepts a URL parameter `cmd`. This is embedded between `${` and `}` and passed to the `StringSubstitutor` function; which inturn implements the [StringLookupFactory](https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/lookup/StringLookupFactory.html).
The vulnerability exists because the `StringLookupFactory` includes interpolators that can be can be easily exploited if provided untrusted input. These are `script`, `dns` and `url`. They have been disabled by default since v1.10.0 `coomons-text` versions 1.5 and above till v1.10 are affected.
You can run this locally by executing this command:
```
mvn package exec:java
```
> Note: The program listens on `0.0.0.0` by default. So, don't run this while connected to a untrusted network.
文件快照
[4.0K] /data/pocs/4ac7c4319d30b656811b8b1d57df09070be35d19
├── [1.0K] LICENSE
├── [3.2K] pom.xml
├── [1.0K] README.md
└── [4.0K] src
└── [4.0K] main
├── [4.0K] java
│ └── [4.0K] in
│ └── [4.0K] tulhan
│ ├── [1.0K] CommonsTextGoatMain.java
│ └── [4.0K] servlets
│ └── [ 804] CommonsTextGoatServlet.java
└── [4.0K] resources
└── [ 573] index.html
7 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。