GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
This PR merges in the work from espe and an anonymous contributor. In addition to adding the RoR exploit, this also introduces new ruby platform modules, which currently emulate standard "shell" payloads.
Exploit for CVE-2013-0156 and new ruby-platform modules
Unfortunately this method doesn't work against slightly different RoR versions, nor against 2.x.
This works against a wider range of RoR 3.x targets
This restores functionality across all rails 3.x
The __END__ trick is no longer needed
Thread wrappers were causing instant session closure
Rescue errors and update credits