NOMISEC-Sic4rio/CVE-2022-42889

NOMISEC WORKING POC

Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection

AI Analysis

This PoC exploits CVE-2022-42889 (Text4Shell) by injecting a malicious payload into the User-Agent header and URL query parameter to achieve remote code execution via JavaScript execution in Apache Commons Text.

Attack Type

RCE

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Nomisec

Type remote

Files 1

https://github.com/Sic4rio/CVE-2022-42889

Stars 0

Forks 1

Last Push Sep 06, 2023

Authors

Sic4rio SICARI0

Vulnerability

CVE-2022-42889

Apache Commons Text < 1.10.0 - Code Injection

CRITICAL

CVSS 9.8