关联漏洞
标题:Apache Commons Text 代码注入漏洞 (CVE-2022-42889)Description:Apache Commons Text是美国阿帕奇(Apache)基金会的一个专注于字符串算法的库。 Apache Commons Text 1.5至1.9版本存在安全漏洞,该漏洞源于默认的Lookup实例集包括可能导致任意代码执行或与远程服务器联系的插值器,可能容易受到远程代码执行或与远程服务器的无意接触的影响。
Description
This repository contains a Python script to automate the process of testing for a vulnerability known as Text4Shell, referenced under the CVE id: CVE-2022-42889.
介绍
# CVE-2022-42889 (Text4Shell) Testing Script
This repository contains a Python script to automate the process of testing for a vulnerability known as Text4Shell, referenced under the CVE id: CVE-2022-42889.
## About Text4Shell (CVE-2022-42889)
Text4Shell is a critical vulnerability that affects a wide range of systems. The vulnerability lies in the way these systems parse text strings and allows for the execution of arbitrary code or SSRF attacks. The vulnerability is exploited through crafted strings, where either JavaScript code is executed (leading to Remote Code Execution (RCE)) or URLs are fetched (leading to Server-Side Request Forgery (SSRF)).
From [Tarlogic](https://www.tarlogic.com/blog/cve-2022-42889-text4shell-vulnerability/):
- **Exploitation requirements**:
- The application accepts user-controlled input that is subsequently processed by one of the following methods of the affected component:
- StringLookupFactory.INSTANCE.interpolatorStringLookup().lookup()
- StringSubstitutor.createInterpolator().replace()
- Java versions equal or greater than Java 15 would not be susceptible to remote code execution, since the Nashorn engine is disabled and the “script” prefix would not be available. However, other attacks via the “url” and “dns” prefixes would be possible.
## Script Usage
This Python script helps in testing the presence of the Text4Shell vulnerability in a system. The scope of this script includes: testing of script and url prefixes.
The script has two modes of operation: RCE and SSRF, controlled by the `-m` or `--mode` command-line argument. It constructs a URL incorporating a crafted string based on the selected mode and makes a GET request to the URL.
### RCE Mode
In RCE mode, the script creates a crafted string that attempts to execute a JavaScript command. The command to be executed is passed as a command-line argument using `-c` or `--command`.
```bash
python text4shell.py -u 'http://example.com/search?query=' -c 'your_command' -m 'rce'
```
### SSRF Mode
In SSRF mode, the script creates a crafted string that includes a URL fetch command.
```bash
python text4shell.py -u 'http://example.com/search?query=' -m 'ssrf' -s 'http://example.com/resource'
```
### Response
The script makes a GET request to the constructed URL and prints the HTTP response status code and body.
文件快照
[4.0K] /data/pocs/29029e78f9b224a5c27601c53a20121d02c8ef46
├── [2.3K] README.md
└── [1.5K] text4shell.py
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →