NOMISEC-Syndicate27/text4shell-exploit

NOMISEC WORKING POC
Exploit for CVE-2022-42889 - Apache Commons Text < 1.10.0 - Code Injection
AI Analysis

This is a functional Python-based PoC exploit for CVE-2022-42889 (Text4Shell), targeting Apache Commons Text < 1.10.0. It leverages the `StringSubstitutor` class with script interpolation to execute a reverse shell via a crafted HTTP POST request.

Attack Type: RCE
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1189 - Drive-by Compromise; T1059 - Command and Scripting Interpreter
Source
Platform: Nomisec
Type: poc
Files: 3
Stars: 0
Forks: 1
Last Push: Mar 24, 2025
Authors: Syndicate27
Vulnerability
CVE-2022-42889: Apache Commons Text < 1.10.0 - Code Injection
CRITICAL (CVSS 9.8)