NOMISEC-gokul-ramesh/text4shell-exploit

NOMISEC WORKING POC
Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection
AI Analysis

This is a functional Proof of Concept for CVE-2022-42889 (Text4Shell), exploiting Apache Commons Text to achieve arbitrary command execution via crafted payloads in query parameters or User-Agent headers. It uses an out-of-band (OOB) interaction with Interactsh for validation.

Attack Type: RCE
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1190 - Exploit Public-Facing Application; T1059 - Command and Scripting Interpreter
Source
Platform: Nomisec
Type: remote
Files: 3
Stars: 1
Forks: 3
Last Push: Mar 12, 2023
Authors: gokul-ramesh
Vulnerability: CVE-2022-42889
Apache Commons Text < 1.10.0 - Code Injection
CRITICAL, CVSS 9.8