Vulnerability & Exploit Database

Ruby on Rails JSON Processor YAML Deserialization Code Execution

This module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. The vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute arbitrary Ruby code remotely in the context of the application. It is very similar to CVE-2013-0156. This module has been tested successfully on RoR 3.0.9, 3.0.19, and 2.3.15. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.

Module Name

exploit/multi/http/rails_json_yaml_code_exec

Authors

  • jjarmoc
  • egypt <egypt [at] metasploit.com>
  • lian

Targets

  • Automatic

Platforms

  • ruby

Architectures

  • ruby

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/multi/http/rails_json_yaml_code_exec
    msf exploit(rails_json_yaml_code_exec) > show targets
        ...targets...
    msf exploit(rails_json_yaml_code_exec) > set TARGET <target-id>
    msf exploit(rails_json_yaml_code_exec) > show options
        ...show and set options...
    msf exploit(rails_json_yaml_code_exec) > exploit
