来源

关联漏洞

描述

CVE-2022-42889 - Text4Shell exploit

介绍

# Text4shell-exploit
This is a Proof of Concept exploiting the vulnerability in Apache Commons Text [CVE-2022-42889]

Vulnerable versions : 1.5.0 to (not including) 1.10.0

## Impact
Successful exploitation of this vulnerability allows an unauthenticated attacker to execute arbitrary code on the vulnerable asset

## Vulnerable application to verify the PoC
Application developed by [@securekomodo](https://github.com/securekomodo),  is attached [here](https://github.com/securekomodo/text4shell-poc).
### Docker
This application can also be loaded from docker-registry
```
docker run -p 8080:8080 gokul2/text4shell-poc:latest
```
The application will be available at [localhost:8080](http://localhost:8080) now.

## Validation
To verify the arbitrary Command Execution, we use [interactsh](https://github.com/projectdiscovery/interactsh), a tool to capture OOB interactions by [@projectdiscovery](https://github.com/projectdiscovery).

### Setting up Interactsh-client
Set-up interactsh client before executing the actual exploit.
```
docker run projectdiscovery/interactsh-client:latest
```

Take a note of the domain listed after starting the application
```
[INF] Listing 1 payload for OOB Testing
[INF] xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.oast.pro
```
## Usage
```
python3 exploit.py -u [host] -i [input-file-with-targets] -v [interactsh client domain] -p [proxy(optional)]
python3 exploit.py -u [host] -t [single target path] -v [interactsh client domain] -p [proxy(optional)]
```

## Verification
Check for logs in the interactsh-client to validate the exploit.

文件快照

 [4.0K]  /data/pocs/bb0149990ab9c2c0672908a5fd9e01e07cfe83e5
├── [3.7K]  exploit.py
└── [1.5K]  README.md

0 directories, 2 files

备注