## https://sploitus.com/exploit?id=33035C31-AC32-560B-920E-F35F908D3422
# CVE-2022-42889 Test application
This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.
# Steps to reproduce the exploit.
## Steps to reproduce the exploit in a repo.
- Copy [DemoApplication.java](/src/main/java/com/example/demo/DemoApplication.java) to your repo.
- Run the main method, with default string (suggested).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in VM
- Clone the repo
- Build the project
```
mvn assembly:assembly -DdescriptorId=jar-with-dependencies
```
- Run the application on VM (by giving below command)
```
java -jar target/demo-0.0.1-SNAPSHOT-jar-with-dependencies.jar
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in docker
- Clone the repo
- Replace OPENJRE_JRE_IMAGE with the image in your repo.
- Build and run the application via docker:
```bash
docker build -t poc .
docker run -it poc
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
As you can see, the operation is executed. Which indicates RCE was successful.