Author : Lucas Amorim (lucas@lucasamorim.ca)
Vendor Homepage: www.rubyonrails.org
Software Link: www.rubyonrails.org
There was a vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the locals argument of a render call.
Versions Affected: rails < 5.0.1
Not affected: Applications that do not allow users to control the names of locals.
Fixed Versions: 4.2.11.2
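
The "Not affected" condition above can be enforced in application code by never taking the names of locals from the request. The sketch below is an added example, not code from this repository or from Rails; `ALLOWED_LOCALS`, `DisallowedLocalError` and `safe_locals` are hypothetical names, and the input is assumed to be a plain Hash of request parameters.

```ruby
# Added example: build the hash passed as `locals:` so that its keys come
# only from a fixed allowlist and never from user input.
# ALLOWED_LOCALS, DisallowedLocalError and safe_locals are hypothetical names.
ALLOWED_LOCALS = %w[title page per_page].freeze

class DisallowedLocalError < ArgumentError; end

# Returns a new Hash whose keys are allowlisted names (as symbols) and whose
# values are copied from user_input. Anything that is not a Hash yields {}.
# With strict: true, an unexpected key raises so the request can be rejected
# and logged instead of being silently trimmed.
def safe_locals(user_input, allowed: ALLOWED_LOCALS, strict: false)
  input = user_input.is_a?(Hash) ? user_input : {}
  # Normalise keys to strings so symbol and string keys are treated alike.
  input = input.each_with_object({}) { |(k, v), h| h[k.to_s] = v }

  unexpected = input.keys - allowed
  if strict && !unexpected.empty?
    raise DisallowedLocalError,
          "unexpected locals: #{unexpected.map(&:inspect).join(', ')}"
  end

  # Iterate over the allowlist, not over the input: the key written into
  # the result is always one of our own constants.
  allowed.each_with_object({}) do |name, out|
    out[name.to_sym] = input[name] if input.key?(name)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: one expected key and two unexpected ones.
  sample = { "title" => "Hello", "admin" => true, "1bad name" => "x" }
  p safe_locals(sample) # only :title survives
  begin
    safe_locals(sample, strict: true)
  rescue DisallowedLocalError => e
    warn "rejected: #{e.message}"
  end
end
```

In a controller the result would be passed as `render ..., locals: safe_locals(...)`, so only the values, never the names, originate from the request.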
# How To Install?
- $ apt-get update && apt-get upgrade
- $ git clone https://github.com/novanazizr/Rails-5.0.1---RCE
- $ cd Rails-5.0.1---RCE
- $ ruby exploit.rb
- Ruby