Posts tagged Ruby on Rails

2 min Nexpose

Nexpose Gem 1.0 Released

As of April 8th, 2015, version 1.0 of the Nexpose gem (nexpose-client) is available. Big Numbers Mean Big Changes Nexpose 5.13 brings new API 2.1 features and following on that the 1.0 version of the Nexpose gem uses these new features. Because of this, the new version of the gem includes some changes that are not backwards compatible with older versions of the gem or Nexpose. A migration guide is available [https://github.com/rapid7/nexpose-client/wiki/Conversion-Guide%3A-0.9.x-to-1.0.0] to h

2 min Ruby on Rails

Metasploit Framework Rails 4.0 Upgrade

It is always a running battle to keep an application's backend up to date with various technologies. Today, we are excited to announce that Metasploit Framework now ships with Rails 4.0. Upgrades like this are sometimes hard to get excited about because if everything goes well, users should see no difference. There are many reasons to upgrade to Rails 4, though. Why Upgrade Here are the important reasons to upgrade from our perspective: * Security is a big part of why we have to keep our code

7 min Ruby on Rails

Not Reinventing The Wheel: The Metasploit Rails::Application in 4.10

In Metasploit 4.10, we converted Metasploit Framework (and prosvc in Metasploit Commercial Editions) to be a full-fledged Rails::Application.  You may be wondering why Metasploit Framework and prosvc, should be Rails applications when they aren't serving up web pages.  It all has to do with not reinventing the wheel and very useful parts of Rails, Rails::Railtie and Rails::Engine. Rails 3.0 infrastructure Since Rails 3.0, Rails has been broken into multiple gems that didn't require each other a

4 min Ruby on Rails

12 Days of HaXmas: Exploiting (and Fixing) RJS Rails Info Leaks

This post is the fifth in a series, 12 Days of HaXmas, where we take a look at some of more notable advancements in the Metasploit Framework over the course of 2013. Several weeks ago, Egor Homakov wrote a blog post [http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html] pointing out a common info leak vulnerability in many Rails apps that utilize Remote JavaScript. The attack vector and implications can be hard to wrap your head around, so in this post I'll explain ho

5 min Open Source

Weekly Update: OpSec in Open Source Projects

The weekly Metasploit update is out, and I wanted to highlight three modules that landed in the last week, all of which target open source software. It's easy to drink the FOSS Kool-Aid, and talk about how it's more inherently secure than secret source software, but sadly, security is Hard Work, even in happy-hippie open source land. OpenX Backdoored First, a little background -- Heise Security reported that the OpenX open source ad server got itself backdoored [http://www.heise.de/security/mel

3 min Metasploit

Weekly Update: Introducing Metasploit 4.5.3

Version bump to Metasploit 4.5.3 This week, we've incremented the Metasploit version number by one trivial point to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the four [https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8] most [https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI] recent [https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI] vulnerabilities [https

3 min Metasploit

Weekly Update: UPnP, Another Rails Exploit, and Auditing Joomla

UPnP Scanning The big news this week are the UPnP / SSDP vulnerability announcements [/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play] that we've been coordinating between CERT/CC, open source vendors, and device manufacturers over the last couple months. We have a pretty excellent white paper on the subject, written by Metasploit founder and international superhacker HD Moore [https://twitter.com/hdmoore], so I won't attempt to rehash that here, but the TL;DR of what you

1 min Exploits

Serialization Mischief Redux: Exploit for Ruby on Rails CVE-2013-0333

This afternoon, another scary advisory [https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo] was posted to the Ruby on Rails security discussion list. Fortunately, this one doesn't affect any Metasploit products. The previous advisory [https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion] (that HD talked about here [/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156]) dealt with Rails parameter parsing of XML from a POS

5 min Exploits

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Background Earlier this week, a critical security flaw [/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156] in Ruby on Rails (RoR) was identified that could expose an application to remote code execution, SQL injection, and denial of service attacks. Ruby on Rails is a popular web application framework that is used by both web sites and web-enabled products and this flaw is by far the worst security problem to surface in this framework to date. If you are interested in the details of

4 min Metasploit

Serialization Mischief in Ruby Land (CVE-2013-0156)

This afternoon a particularly scary advisory [https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion] was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricked into decoding the request as a YAML document or as a Ruby Symbol, both of which can expose the application to remote code execution or SQL injection. A gentleman by the name of Felix Wilhelm went into detail [http://www.insinuator.net/2013/01/r

3 min Metasploit

Weekly Metasploit Update: Mac OSX 64-Bit Payloads and More!

In addition to the frankly killer 0-day in RateMyPet, we have a couple other things going on in Metasploit land. Mac OSX 64-Bit Payloads Probably the most significant add this week is Metasploit community contributor Nemo's two new 64-bit payloads for Mac OSX targets. While OSX isn't the most popular target on the block, we do have a steadily growing collection of exploits targeting Apple platforms, so bringing 64-Bit platforms into the fold of assessable targets is kind of a big deal. Thanks N