neerazz/CVE-2022-42889

CVE-2022-42889 Test application

This repository contains a simple application using Apache Commons Text 1.9, which is vulnerable to CVE-2022-42889.

Steps to reproduce the exploit.

Steps to reproduce the exploit in a repo.

  • Copy DemoApplication.java to your repo.
  • Run the main method with the default string (suggested).
  • If the output for the default string is 519, or if your app runs without any error, then the app is exploitable. 🥵

Running the application in a VM

  • Clone the repo.
  • Build the project:
  mvn assembly:assembly -DdescriptorId=jar-with-dependencies
  • Run the application on the VM with the command below:
  java -jar target/demo-0.0.1-SNAPSHOT-jar-with-dependencies.jar
  • When asked for input, keep the default string (hit Enter).
  • If the output for the default string is 519, or if your app runs without any error, then the app is exploitable. 🥵

Running the application in Docker

  • Clone the repo.
  • Replace OPENJRE_JRE_IMAGE with the image in your repo.
  • Build and run the application via Docker:
  docker build -t poc .
  docker run -it poc
  • When asked for input, keep the default string (hit Enter).
  • If the output for the default string is 519, or if your app runs without any error, then the app is exploitable. 🥵

As you can see, the operation is executed, which indicates RCE was successful.
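To check a built artifact for the vulnerable library without running the exploit, the following added example (not part of this repository) reads the pom.properties metadata that commons-text ships in its jar and flags versions 1.5 through 1.9, the range the Apache advisory lists as affected (fixed in 1.10.0). The function names and the three-level limit on nested jars are assumptions of this example; the metadata path follows the standard Maven layout.

```python
import io
import re
import sys
import zipfile

# Metadata file commons-text ships in its jar; jar-with-dependencies builds
# unpack it into the fat jar at the same path.
POM_PROPS = "META-INF/maven/org.apache.commons/commons-text/pom.properties"
# Affected range from the Apache advisory for CVE-2022-42889 (fixed in 1.10.0).
AFFECTED_MIN, AFFECTED_MAX = (1, 5), (1, 9)


def parse_version(text):
    """Return (major, minor) from a pom.properties body, or None if absent."""
    m = re.search(r"^version=(\d+)\.(\d+)", text, re.MULTILINE)
    return (int(m.group(1)), int(m.group(2))) if m else None


def find_commons_text(jar, path="", depth=0):
    """Yield (location, version) for every commons-text copy in an archive.

    `jar` is a path or file object; nested jars (e.g. BOOT-INF/lib/*.jar)
    are opened in memory, at most three levels deep.
    """
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name == POM_PROPS:
                text = zf.read(name).decode("utf-8", "replace")
                yield (path or "<top level>", parse_version(text))
            elif name.endswith(".jar") and depth < 3:
                inner = f"{path}!/{name}" if path else name
                try:
                    yield from find_commons_text(
                        io.BytesIO(zf.read(name)), inner, depth + 1)
                except zipfile.BadZipFile:
                    continue  # entry is not a readable archive; skip it


def scan(jar):
    """Return [(location, 'major.minor' or 'unknown', affected_bool), ...]."""
    return [(loc, "unknown" if v is None else f"{v[0]}.{v[1]}",
             v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX)
            for loc, v in find_commons_text(jar)]


if __name__ == "__main__":
    for jar_path in sys.argv[1:]:
        for loc, ver, bad in scan(jar_path):
            status = "AFFECTED" if bad else "ok"
            print(f"{jar_path}: commons-text {ver} at {loc}: {status}")
```

A jar that was shaded with its META-INF/maven entries stripped produces no hit, so an empty result is not proof that the library is absent.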
