CVE-2019-5418

Published: 27/03/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

Vulnerable Product

rubyonrails rails

debian debian linux 8.0

redhat cloudforms 4.7

opensuse leap 15.0

fedoraproject fedora 30

redhat software collections 1.0

redhat cloudforms 4.6

Vendor Advisories

Synopsis: Important: rh-ror50-rubygem-actionpack security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-ror50-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: rh-ror42-rubygem-actionpack security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-ror42-rubygem-actionpack is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: CloudForms 469 security, bug fix and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for CloudForms Management Engine 59. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis: Important: CloudForms 473 security, bug fix and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for CloudForms Management Engine 510. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scor ...
Debian Bug report logs - #914847 rails: CVE-2018-16476: Broken Access Control vulnerability in Active Job. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Nov 2018 22 ...
Debian Bug report logs - #924521 rails: CVE-2019-5420. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 13 Mar 2019 21:45:02 UTC Severity: important Tags: security, upst ...
Debian Bug report logs - #924520 rails: CVE-2019-5418 CVE-2019-5419. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 13 Mar 2019 21:33:02 UTC Severity: grave Tags: secu ...

Exploits

''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: rubyonrailsorg/ Software Link: githubcom/rails/rails Version: Versions Affected: all Fixed Versions: 600beta3, 5221, 5162, 5072, 42111 Tested on: Rails 521 (Using ubuntu ...
Rails version 521 suffers from an arbitrary file content disclosure vulnerability ...

Mailing Lists

oss-sec mailing list archives: [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View ...

Github Repositories

Rails 3 PoC of CVE-2019-5418

Rails 3 PoC of CVE-2019-5418 A PoC app to verify CVE-2019-5418 on Rails 3 Based on githubcom/mpgn/CVE-2019-5418

CVE-2019-5418 Another scanner based off burl by tomnomnom go build go get githubcom/fatih/color cat websitestxt | /CVE-2019-5418

CVE-2019-5418 sandbox groupsgooglecom/forum/#!msg/rubyonrails-security/zRNVOUhKHrg/GmmcVXcmAAAJ initialize $ git clone githubcom/takeokunn/CVE-2019-5418 $ cd githubcom/takeokunn/CVE-2019-5418 $ docker-compose up Usage $ curl localhost/sandbox -H 'Accept: //config/databaseyml{{'

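Ruby on Rails is a web application framework, a relatively new one, built on the Ruby language. This vulnerability arises mainly because Ruby on Rails uses render file with a specified parameter to render views outside the application. By modifying the request sent to a controller, we can achieve path traversal with "…/…/…/…/" and then use "{{" to close the template lookup path, so that the file we want to access is parsed as an external template.

CVE-2019-5418 1 Vulnerability description: Ruby on Rails is a web application framework, a relatively new one, built on the Ruby language. This vulnerability arises mainly because Ruby on Rails uses render file with a specified parameter to render views outside the application. By modifying the request sent to a controller, we can use "…/…/…/…/" to

kubernetes-security-workshop The goal of the workshop is to learn, through practice, how to secure a Kubernetes cluster. We will cover the following topics: Security best practices for container images; Isolating the components of a Kubernetes cluster; Managing access rights to the Kubernetes API with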

RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)

Rails-doubletap-exploit RCE on Rails 522 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420) Technical Analysis: CVE-2019-5418 - githubcom/mpgn/CVE-2019-5418 CVE-2019-5420 - hackeronecom/reports/473888 Security Advisory: CVE-2019-5418 - groupsgooglecom/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q CVE-2

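Ruby on Rails path traversal and arbitrary file read vulnerability (CVE-2019-5418): A controller renders views outside the application via render file, and the actual file location is determined from the Accept header supplied by the user. By sending the header Accept: ////////etc/passwd{{ we construct a path traversal and read arbitrary files. Reference links: groupsgooglecom/foru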

A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418

CVE-2019-5418-Scanner A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418 Usage Usage of /CVE-2019-5418-Scanner: -auth string Perform a scan using a auth token ie Basic YmFzZTY0VG9rZW5WYWx1ZQ== (default "nope") -http Use HTTP over HTTPS -insecure Ignore SSL/TLS Errors -log Log results to file

POC python script for CVE 2019-5418

RailRoadBandit This tool allows you to read arbitrary files from vulnerable web servers that run ruby on rails CVE-2019-5418 Due to how ruby renders files this can allow for file content disclosure By specially crafted accept headers in combination with calls to 'render file' can cause arbitrary files on the target server to be rendered, disclosing file contents To

Researching CVEs for Rails

CVE Lab for Ruby on Rails This lab lets you run different Ruby on Rails versions with Docker, to assist with penetration testing and CVE research To build the lab for a CVE, pinned to a specific rails version: $ CVE=CVE-2019-5418 RAILS_VERSION=521 make lab This should spin up the container and make it available on localhost:3000

A personal list of various resources for those who are interested in learning about infosec and hacking and keeping themselves up to date. This is by no means a complete nor fresh list, but I occasionally add entries to lists.

A bookmark index of useful tools, articles and cheat-sheets useful for various types of projects Interesting writings and articles: WEB: PHP PHP File Inclusion tips websecwordpresscom/2010/02/22/exploiting-php-file-inclusion-overview/ Using PHP filter:// for LFI: wwwidontplaydartscom/2011/02/using-php-filter-for-local-file-inclusion/ PHP RFI using data://

CVE-2019-5418 - File Content Disclosure on Ruby on Rails

CVE-2019-5418 - File Content Disclosure on Rails EDIT: this CVE can lead to a Remote Code Execution, more info: githubcom/mpgn/Rails-doubletap-RCE There is a possible file content disclosure vulnerability in Action View Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing

File Content Disclosure on Rails Test Case - CVE-2019-5418

CVE-2019-5418 Test case Run : $ rails s PoC : Accept: ////////etc/passwd{{ Req 1 - GET /shitblock HTTP/11 Host: REDACTED:3000 User-Agent: Mozilla/50 (Windows NT 100; Win64; x64; rv:650) Gecko/20100101 Firefox/650 Accept: diyarbakir_guzel_baglar_delale_lorke <------ CATCH C
