CVE-2016-2098 PoC — Ruby on Rails Action Pack 安全漏洞

Source

https://github.com/Debalinax64/CVE-2016-2098

Associated Vulnerability

Title:Ruby on Rails Action Pack 安全漏洞 (CVE-2016-2098)
Description:Ruby on Rails（Rails）是Rails核心团队开发维护的一套基于Ruby语言的开源Web应用框架，它是由大卫-海纳梅尔-韩森从美国37signals公司的项目管理工具Basecamp里分离出来的。Action Pack是其中的一个用于构建和测试MVC Web应用程序的组件。 Ruby on Rails的Action Pack中存在安全漏洞，该漏洞源于‘render’函数没有充分过滤用户提交的输入。远程攻击者可通过向应用程序发送特制的数据利用该漏洞执行任意Ruby代码。以下版本受到影响：Rub

Description

CVE-2016-2098 - POC of RCE Ruby on Rails: Improper Input Validation (CVE-2016-2098) in bash. Remote attackers can execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Readme

# CVE-2016-2098

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method (RCE)

https://nvd.nist.gov/vuln/detail/CVE-2016-2098






# Use
git clone https://github.com/Debalinax64/CVE-2016-2098.git

cd CVE-2016-2098

/bin/bash ruby-on-rail-RCE.sh < website> <target_uri> < command>

Example: /bin/bash ruby-on-rail-RCE.sh "http://target.com" "pages?id" "pwd"

File Snapshot


 [4.0K]  /data/pocs/1d1950de49d5edea50a1b1e424217deed3061369
├── [ 519]  README.md
└── [ 664]  ruby-on-rail-RCE.sh

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!