NOMISEC-rhitikwadhvana/CVE-2022-42889-Text4Shell-Exploit-POC

NOMISEC WORKING POC

Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection

AI Analysis

This is a functional PoC for CVE-2022-42889 (Text4Shell), exploiting a remote code execution vulnerability in Apache Commons Text via malicious string interpolation. It sends a crafted payload to a target URL, triggering a reverse shell connection to the attacker's specified host and port.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 2

https://github.com/rhitikwadhvana/CVE-2022-42889-Text4Shell-Exploit-POC

Stars 1

Forks 0

Last Push Oct 22, 2022

Authors

rhitikwadhvana

Vulnerability

CVE-2022-42889

Apache Commons Text < 1.10.0 - Code Injection

CRITICAL

CVSS 9.8