CVE-2013-0156 PoC — Ruby on Rails 输入验证错误漏洞

Source

https://github.com/heroku/heroku-CVE-2013-0156

Associated Vulnerability

Title:Ruby on Rails 输入验证错误漏洞 (CVE-2013-0156)
Description:Ruby on Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails存在输入验证错误漏洞，该漏洞源于没有正确限制字符串值的转换，允许远程攻击者进行注入并执行任意代码。

Description

Inspect all of your heroku apps to see if they are running a vulnerable version of Rails

Readme

heroku-CVE-2013-0156
===

This vulnerability has been supplanted by CVE-2013-0333. See
[https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo](https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo)
for more details.

A replacement for this script, covering CVE-2013-0333, can be found at
[https://github.com/heroku/heroku-CVE-2013-0333](https://github.com/heroku/heroku-CVE-2013-0333)

File Snapshot


 [4.0K]  /data/pocs/0ab1f1d3c05565c5faea7ebe6eff228b9754cd9f
├── [ 926]  heroku-CVE-2013-0156.rb
├── [ 487]  heroku-CVE-2013-0156.rb.asc
└── [ 447]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!