PoC details: aa82f2369f9d90e10904c6fa6506c38c2dee1e49

Source
Related vulnerability
Title: Apache Commons Text code injection vulnerability (CVE-2022-42889)
Description: Apache Commons Text is a library from the Apache Software Foundation (United States) that focuses on string algorithms. Apache Commons Text versions 1.5 through 1.9 contain a security vulnerability: the default set of Lookup instances includes interpolators that can lead to arbitrary code execution or contact with remote servers, so applications that interpolate untrusted values may be exposed to remote code execution or unintended contact with remote servers.
Description
Proof of Concept for CVE-2022-42889 (Text4Shell Vulnerability)
Introduction
# CVE-2022-42889-PoC

Proof of Concept for CVE-2022-42889 remote code execution exploit (Text4Shell Vulnerability).
<br /> Give a ⭐ for support ❤️

## About this vulnerability

CVE-2022-42889 is a critical vulnerability in Apache Commons Text in the same family as Spring4Shell and Log4Shell: untrusted input reaching a string-interpolation feature leads to code execution.
It is an RCE (Remote Code Execution) vulnerability with a CVSS severity score of 9.8.
It allows an attacker to execute arbitrary malicious code on the attacked machine.
Apache Commons Text versions 1.5 through 1.9 are affected. Unlike Log4Shell, it is only reachable where an application passes attacker-controlled strings through the default interpolator, so exposure depends on how the library is used, not merely on its presence on the classpath.

## How this works

> Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:
>
> - "script" - execute expressions using the JVM script execution engine (javax.script)
> - "dns" - resolve dns records
> - "url" - load values from urls, including from remote servers
>
> Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used.

Source: [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889)

## How to protect against it

Upgrade Apache Commons Text to version 1.10.0 or later (not "=< 1.10": every version from 1.5 up to and including 1.9 is affected). From 1.10.0 the `script`, `dns` and `url` lookups are no longer part of the default interpolator, so a `${script:...}` string is left unexpanded unless the application re-enables those lookups explicitly (check that the `org.apache.commons.text.lookup.StringLookupFactory.defaultStringLookups` system property is not set to bring them back). If you cannot upgrade, build the `StringSubstitutor` from an explicit allow-list of lookups instead of `StringSubstitutor.createInterpolator()`, and do not pass untrusted input through the interpolator at all. Note that the `script` lookup needs a `javax.script` engine named `javascript`; JDK 8 to 14 ship one (Nashorn), later JDKs do not unless one is added, which narrows but does not remove the risk, since `dns` and `url` still work.
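As an added example (not code from this PoC and not Apache Commons Text's own code), the vulnerable default interpolator is shown beside a hardened one built from an explicit allow-list, together with the quick prefix check a practitioner would use to triage request parameters or configuration values. It assumes commons-text 1.9 on the classpath and a `javascript` `javax.script` engine (Nashorn on JDK 8 to 14); the class name, method names and the `6*7` probe string are mine, chosen so the script lookup evaluates harmlessly instead of calling `Runtime.exec`.

```java
// Added example, not part of the CVE-2022-42889-PoC project or of Apache Commons Text.
// Assumes commons-text 1.9 (affected default lookup set) and a javax.script engine
// named "javascript" (Nashorn, JDK 8-14) on the classpath.
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

public class Text4ShellDemo {

    // Vulnerable: in 1.5-1.9 the default interpolator resolves ${script:...},
    // ${dns:...} and ${url:...}, so untrusted input becomes a script to execute.
    // (createInterpolator() exists from 1.8; on 1.5-1.7 the equivalent is
    //  new StringSubstitutor(StringLookupFactory.INSTANCE.interpolatorStringLookup()).)
    static String interpolateWithDefaults(String untrusted) {
        StringSubstitutor sub = StringSubstitutor.createInterpolator();
        return sub.replace(untrusted);
    }

    // Hardened: only the lookups the application actually needs. addDefaultLookups
    // is false, so the map replaces the defaults rather than extending them, and a
    // "script", "dns" or "url" prefix is unknown: the ${...} text is left untouched.
    static String interpolateAllowListed(String untrusted) {
        Map<String, StringLookup> allowed = new HashMap<>();
        allowed.put(StringLookupFactory.KEY_DATE, StringLookupFactory.INSTANCE.dateStringLookup());
        allowed.put(StringLookupFactory.KEY_SYS, StringLookupFactory.INSTANCE.systemPropertyStringLookup());
        StringLookup lookup = StringLookupFactory.INSTANCE.interpolatorStringLookup(allowed, null, false);
        return new StringSubstitutor(lookup).replace(untrusted);
    }

    // Triage check for the three dangerous prefixes. Prefix matching inside
    // InterpolatorStringLookup is case-insensitive, hence the lower-casing.
    // A hit means "inspect this", not "proven exploitable"; the allow-list
    // above is the actual fix.
    static boolean containsDangerousLookup(String s) {
        String lower = s.toLowerCase(Locale.ROOT);
        return lower.contains("${script:") || lower.contains("${dns:") || lower.contains("${url:");
    }

    public static void main(String[] args) {
        // Harmless stand-in for the RCE payload: same ${script:javascript:...} shape
        // the PoC relies on, evaluating 6*7 instead of java.lang.Runtime.exec(...).
        String probe = "${script:javascript:6*7}";

        System.out.println(containsDangerousLookup(probe));  // true
        System.out.println(interpolateAllowListed(probe));   // ${script:javascript:6*7}, unchanged
        System.out.println(interpolateWithDefaults(probe));  // 42 on 1.5-1.9 with Nashorn; unchanged on 1.10+
    }
}
```

Running the same class against commons-text 1.10.0 or later makes the third line print the probe unchanged, which is a convenient way to confirm that an upgrade actually took effect in a given deployment (a shaded or transitively pinned 1.9 is easy to miss).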

## Todo

- [x] Better target scan
- [x] Service detection
- [x] OS detection
- [x] Better target scan result
- [ ] Base64 payload fix
- [ ] Linux reverseshell payload obfuscation

## Prerequisites

1. Python 3.9.x
2. nmap
3. ncat
4. Required libraries

```sh
pip install python-nmap
pip install requests
pip install colorama
# base64 is part of the Python standard library and needs no pip install
```

## Screenshots

![image of shell](/docs/assets/images/shell.png)

## Project Insights

![image of Project Insights](/docs/assets/images/traffic_insights_16.11.png)

## Disclaimer

**YOUR USAGE OF THIS PROJECT CONSTITUTES YOUR AGREEMENT TO THE FOLLOWING TERMS:**

- THE MISUSE OF THE DATA PROVIDED BY THIS PROJECT AND ITS EXPLOITS MAY LEAD TO CRIMINAL CHARGES AGAINST THE PERSONS CONCERNED.

- I DO NOT TAKE ANY RESPONSIBILITY IN SUCH A CASE. USE THIS PROJECT ONLY FOR RESEARCH, EDUCATIONAL AND ETHICAL PURPOSES.

- It is a project related to computer security, intended for educational purposes, and not a project that promotes illegal activities.

- Don't use this project for any illegal activities.

- If something happens, we do not take any liability.

- It should teach people how malware and a complex hack strategy could work, and also how to deal with those threats.

- THIS IS AN EDUCATIONAL RESEARCH PROJECT
File snapshot

```
/data/pocs/aa82f2369f9d90e10904c6fa6506c38c2dee1e49
├── docs
│   └── assets
│       └── images
│           ├── shell.png                    [ 14K]
│           └── traffic_insights_16.11.png   [ 67K]
├── main.py                                  [5.9K]
└── README.md                                [2.8K]

3 directories, 4 files
```