The code that you can find here does the following:
- Asks the user to enter the IP_address.
- Runs a command "ping IP_address" and prints the result on the screen.
Can you figure out how to run any command you want, not only ping? Think about this: if you know how to run two commands in a row in cmd (or terminal, depending on your current OS), can you exploit this app to run any command you want? This code is written to be run on Windows.
You will have to run and test the code on your own machine; online Java compilers will not be able to do it. You can ping 1.1.1.1 (Cloudflare's secure & privacy-preserving DNS) for testing purposes.
How would you fix this vulnerability?
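
One possible fix, as an added example that is not the code linked above: validate the input against a strict IPv4 allowlist and start `ping` from an argument list, so no shell ever parses the user's text. It assumes the original app builds one command string from the input; the class name `SafePing` and the sample inputs are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Scanner;
import java.util.regex.Pattern;

public class SafePing {
    // Strict allowlist: exactly four decimal octets (0-255), nothing else.
    private static final Pattern IPV4 = Pattern.compile(
        "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}$");

    static boolean isValidIpv4(String input) {
        return input != null && IPV4.matcher(input).matches();
    }

    static int ping(String ip) throws IOException, InterruptedException {
        if (!isValidIpv4(ip)) {
            throw new IllegalArgumentException("Not an IPv4 address");
        }
        // Argument list, no "cmd /c" and no string concatenation: the address
        // reaches ping.exe as a single argument and is never parsed by a shell.
        ProcessBuilder pb = new ProcessBuilder("ping", "-n", "4", ip); // -n: Windows count flag
        pb.redirectErrorStream(true);
        Process p = pb.start();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            String line;
            while ((line = r.readLine()) != null) System.out.println(line);
        }
        return p.waitFor();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs showing what the validator accepts and rejects.
        for (String s : new String[] {"1.1.1.1", "256.1.1.1", "1.1.1.1 extra text", ""}) {
            System.out.println("[" + s + "] valid=" + isValidIpv4(s));
        }
        System.out.print("IP address: ");
        try (Scanner in = new Scanner(System.in)) {
            String ip = in.nextLine().trim();
            System.out.println("exit code " + ping(ip));
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

Either control alone narrows the problem, but together they cover both layers: the allowlist rejects anything that is not an address, and the argument list removes the shell that would interpret it.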