# CVE-2022-42889 Test application
This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.
# Steps to reproduce the exploit.
## Steps to reproduce the exploit in a repo.
- Copy [DemoApplication.java](/src/main/java/com/example/demo/DemoApplication.java) to your repo.
- Run the main method, with default string (suggested).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in VM
- Clone the repo
- Build the project
```
mvn assembly:assembly -DdescriptorId=jar-with-dependencies
```
- Run the application on VM (by giving below command)
```
java -jar target/demo-0.0.1-SNAPSHOT-jar-with-dependencies.jar
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in docker
- Clone the repo
- Replace OPENJRE_JRE_IMAGE with the image in your repo.
- Build and run the application via docker:
```bash
docker build -t poc .
docker run -it poc
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
As you can see, the operation is executed. Which indicates RCE was successful.
[4.0K] /data/pocs/38881f4b96dd9a1c05116af4ad7234235fbd885b
├── [ 397] Dockerfile
├── [9.8K] mvnw
├── [6.5K] mvnw.cmd
├── [1.1K] pom.xml
├── [1.4K] README.md
└── [4.0K] src
└── [4.0K] main
├── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] example
│ └── [4.0K] demo
│ └── [1.4K] DemoApplication.java
└── [4.0K] resources
└── [ 1] application.properties
7 directories, 7 files