Ruby on Rails JSON Processor YAML Deserialization Code Execution
Disclosed | Created |
---|---|
2013-01-28 | 2018-05-30 |
Description
This module exploits a remote code execution vulnerability in the
JSON request processor of the Ruby on Rails application framework.
This vulnerability allows an attacker to instantiate a remote object,
which in turn can be used to execute any Ruby code remotely in the
context of the application. This vulnerability is very similar to
CVE-2013-0156.
This module has been tested successfully on RoR 3.0.9, 3.0.19, and
2.3.15.
The technique used by this module requires the target to be running a
fairly recent version of Ruby 1.9 (since 2011 or so). Applications
using Ruby 1.8 may still be exploitable using the init_with() method,
but this has not been demonstrated.
Authors
jjarmoc
egypt egypt@metasploit.com
lian
Platform
Ruby
Architectures
ruby
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
