## https://sploitus.com/exploit?id=2BF0165D-3519-53A6-99F6-B53E05328F14
# CVE-2022-42889 Test application
This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.
## Running the application
Build and run the application via docker:
```bash
docker build . -t vulnerable-app
docker run vulnerable-app
```
```sh
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d01d5cf33f60 vulnerable-app "java -jar demo-0.0.โฆ" 11 seconds ago Up 11 seconds awesome_brown
```
```sh
$ docker container exec -it d01d5cf33f60 ash
/opt/app # ls /tmp
hsperfdata_root rce_test
```
As you can see, the file `rce_test` exists. Which indicates RCE was succesful.