CVE-2019-5418 PoC — Action View 信息泄露漏洞

Source

https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Ruby%20On%20Rails%20%E8%B7%AF%E5%BE%84%E7%A9%BF%E8%B6%8A%E4%B8%8E%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2019-5418.md

Associated Vulnerability

Title:Action View 信息泄露漏洞 (CVE-2019-5418)
Description:Action View中存在信息泄露漏洞。攻击者可利用该漏洞泄露文件内容。

File Snapshot


 # Ruby On Rails 路径穿越与任意文件读取漏洞CVE-2019-5418

## 漏洞描述

在控制器中通过`render file`形式来渲染应用之外的视图，且会根据用户传入的Accep

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.