CVE-2022-42889 - Text4Shell exploit# Text4shell-exploit
This is a Proof of Concept exploiting the vulnerability in Apache Commons Text [CVE-2022-42889]
Vulnerable versions : 1.5.0 to (not including) 1.10.0
## Impact
Successful exploitation of this vulnerability allows an unauthenticated attacker to execute arbitrary code on the vulnerable asset
## Vulnerable application to verify the PoC
Application developed by [@securekomodo](https://github.com/securekomodo), is attached [here](https://github.com/securekomodo/text4shell-poc).
### Docker
This application can also be loaded from docker-registry
```
docker run -p 8080:8080 gokul2/text4shell-poc:latest
```
The application will be available at [localhost:8080](http://localhost:8080) now.
## Validation
To verify the arbitrary Command Execution, we use [interactsh](https://github.com/projectdiscovery/interactsh), a tool to capture OOB interactions by [@projectdiscovery](https://github.com/projectdiscovery).
### Setting up Interactsh-client
Set-up interactsh client before executing the actual exploit.
```
docker run projectdiscovery/interactsh-client:latest
```
Take a note of the domain listed after starting the application
```
[INF] Listing 1 payload for OOB Testing
[INF] xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.oast.pro
```
## Usage
```
python3 exploit.py -u [host] -i [input-file-with-targets] -v [interactsh client domain] -p [proxy(optional)]
python3 exploit.py -u [host] -t [single target path] -v [interactsh client domain] -p [proxy(optional)]
```
## Verification
Check for logs in the interactsh-client to validate the exploit.
[4.0K] /data/pocs/bb0149990ab9c2c0672908a5fd9e01e07cfe83e5
├── [3.7K] exploit.py
└── [1.5K] README.md
0 directories, 2 files