NOMISEC-kiralab/text4shell-scan

NOMISEC SCANNER

Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection

AI Analysis

This repository contains a scanner for detecting CVE-2022-42889 (Text4Shell), an RCE vulnerability in Apache Commons Text. The tool fuzzes HTTP headers, POST data, and JSON parameters with DNS callback payloads to identify vulnerable hosts.

Attack Type

RCE

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type poc

Files 10

https://github.com/kiralab/text4shell-scan

Stars 0

Forks 12

Last Push Oct 19, 2022

Authors

kiralab Bryan Smith (@securekomodo) Mazin Ahmed (FullHunt.io)

Vulnerability

CVE-2022-42889

Apache Commons Text < 1.10.0 - Code Injection

CRITICAL

CVSS 9.8