Exploit for Code Injection in Apache Commons Text CVE-2022-42889

Name: Exploit for Code Injection in Apache Commons Text CVE-2022-42889
Rating: 5 (393 reviews)

2022-10-17 | CVSS 7.5

## https://sploitus.com/exploit?id=2BF0165D-3519-53A6-99F6-B53E05328F14
# CVE-2022-42889 Test application

This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.

## Running the application

Build and run the application via docker:

```bash
docker build . -t vulnerable-app
docker run vulnerable-app
```

```sh
$ docker ps                                 
CONTAINER ID   IMAGE            COMMAND                  CREATED         STATUS         PORTS                                       NAMES
d01d5cf33f60   vulnerable-app   "java -jar demo-0.0.…"   11 seconds ago   Up 11 seconds                                                awesome_brown
```

```sh
$ docker container exec -it d01d5cf33f60 ash
/opt/app # ls /tmp
hsperfdata_root  rce_test
```

As you can see, the file `rce_test` exists. Which indicates RCE was succesful.