一、 漏洞 CVE-2013-0156 基础信息
漏洞信息
                                        # N/A

## 漏洞概述
Ruby on Rails中的active_support/core_ext/hash/conversions.rb文件未能正确限制字符串值的类型转换,导致攻击者可能通过YAML或Symbol类型转换发起对象注入攻击,进而执行任意代码或造成资源耗尽。

## 影响版本
- 2.3.0 - 2.3.14
- 3.0.0 - 3.0.18
- 3.1.0 - 3.1.9
- 3.2.0 - 3.2.10

## 细节
攻击者可以通过Action Pack支持的YAML类型转换或Symbol类型转换,利用未受限制的字符串值类型转换机制,发起对象注入攻击,导致任意代码执行或通过嵌套的XML实体引用造成严重的内存和CPU资源消耗。

## 影响
- 可能导致远程代码执行
- 可能导致资源耗尽(内存和CPU资源消耗增加)
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Ruby on Rails 输入验证错误漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Ruby on Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails存在输入验证错误漏洞,该漏洞源于没有正确限制字符串值的转换 ,允许远程攻击者进行注入并执行任意代码。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
输入验证错误
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2013-0156 的公开POC
# POC 描述 源链接 神龙链接
1 Silly Rails App to demonstrate vuln CVE-2013-0156 https://github.com/terracatta/name_reverser POC详情
2 Inspect all of your heroku apps to see if they are running a vulnerable version of Rails https://github.com/heroku/heroku-CVE-2013-0156 POC详情
3 crack repo from jnunemaker but with version 0.1.8 and rails CVE-2013-0156 vulnerability fixed https://github.com/josal/crack-0.1.8-fixed POC详情
4 Bootstrapped Rails 3.2.10 to test the remote code exploit CVE-2013-0156 https://github.com/bsodmike/rails-exploit-cve-2013-0156 POC详情
5 Arbitrary deserialization that can be used to trigger SQL injection and even Code execution https://github.com/R3dKn33-zz/CVE-2013-0156 POC详情
6 Pseudo shell for CVE-2013-0156. https://github.com/Jjdt12/kuang_grade_mk11 POC详情
7 This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit https://github.com/oxBEN10/CVE-2013-0156 POC详情
8 This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit https://github.com/oxben10/CVE-2013-0156 POC详情
9 Infoblox NetMRI virtual appliances before version 7.6.1 are vulnerable to remote code execution (RCE) due to the use of a hardcoded Ruby on Rails session cookie secret key. The Rails web component deserializes session cookies if the signing key is valid. Attackers with knowledge of this key can craft malicious session cookies that are deserialized by the application, leading to arbitrary code execution. This vulnerability is related to the known Ruby on Rails deserialization flaw (CVE-2013-0156). Infoblox did not assign a new CVE for this issue, as it is a result of the underlying Rails vulnerability. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/infoblox/infoblox-netmri-rails-cookie-rce.yaml POC详情
三、漏洞 CVE-2013-0156 的情报信息
四、漏洞 CVE-2013-0156 的评论

暂无评论

发表评论