关联漏洞
介绍
# CVE-2022-42889 Test application
This repository contains a simple application using Apache Commons Text 1.9 which is vulnerable to CVE-2022-42889.
# Steps to reproduce the exploit.
## Steps to reproduce the exploit in a repo.
- Copy [DemoApplication.java](/src/main/java/com/example/demo/DemoApplication.java) to your repo.
- Run the main method, with default string (suggested).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in VM
- Clone the repo
- Build the project
```
mvn assembly:assembly -DdescriptorId=jar-with-dependencies
```
- Run the application on VM (by giving below command)
```
java -jar target/demo-0.0.1-SNAPSHOT-jar-with-dependencies.jar
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
## Running the application in docker
- Clone the repo
- Replace OPENJRE_JRE_IMAGE with the image in your repo.
- Build and run the application via docker:
```bash
docker build -t poc .
docker run -it poc
```
- When asked for input, let the default string (Hit enter).
- If your output for the default string is 519. Or if your app runs without any error:
- Then the app is exploitable. :hot_face:
As you can see, the operation is executed. Which indicates RCE was successful.
文件快照
[4.0K] /data/pocs/38881f4b96dd9a1c05116af4ad7234235fbd885b
├── [ 397] Dockerfile
├── [9.8K] mvnw
├── [6.5K] mvnw.cmd
├── [1.1K] pom.xml
├── [1.4K] README.md
└── [4.0K] src
└── [4.0K] main
├── [4.0K] java
│ └── [4.0K] com
│ └── [4.0K] example
│ └── [4.0K] demo
│ └── [1.4K] DemoApplication.java
└── [4.0K] resources
└── [ 1] application.properties
7 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。