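# Sigma rule: flags web requests whose query string carries Java runtime
# command-execution markers, as seen in Text4Shell (CVE-2022-42889) attempts.
title: Text4Shell Exploit CVE-2022-42889
id: 85d466b0-d74c-4514-84d3-2bdd3327588b
status: experimental
description: >-
  Detects exploitation attempts against the Apache Commons Text library
  (CVE-2022-42889, Text4Shell) in web server query strings
references:
  - https://medium.com/geekculture/text4shell-exploit-walkthrough-ebc02a01f035
author: Harjot Singh, "@cyb3rjy0t"
date: 2023/01/16
tags:
  - attack.t1190
  - attack.initial_access
  - cve.2022.42889
logsource:
  category: webserver
detection:
  # The two markers are matched independently, so a request that encodes
  # only one of them is still caught. The earlier layout paired
  # encoded-with-encoded and plain-with-plain and missed mixed requests.
  selection_runtime:
    cs-uri-query|contains:
      - 'getRuntime()'
      - 'getRuntime%28%29'
  selection_exec:
    cs-uri-query|contains:
      - 'exec('
      - 'exec%28'
  # Condition operators are written lowercase, as in the Sigma specification.
  condition: selection_runtime and selection_exec
  # Coverage limits to keep in mind when relying on this rule:
  #  - only cs-uri-query is inspected; payloads delivered in a request body
  #    or header never reach this field
  #  - values are compared as logged; if the pipeline can URL-decode the
  #    query before matching, do so rather than adding more encoded variants
falsepositives:
  # The matched strings are generic Java command-execution markers, so other
  # Java injection attempts and scanner traffic can also hit. A match means
  # an attempt was logged, not that it succeeded; confirm on the host.
  - Unknown
level: high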