Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-0156 PoC — Ruby on Rails 输入验证错误漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/infoblox/infoblox-netmri-rails-cookie-rce.yaml
Associated Vulnerability
Title:Ruby on Rails 输入验证错误漏洞 (CVE-2013-0156)
Description:Ruby on Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Ruby on Rails存在输入验证错误漏洞,该漏洞源于没有正确限制字符串值的转换 ,允许远程攻击者进行注入并执行任意代码。
Description
Infoblox NetMRI virtual appliances before version 7.6.1 are vulnerable to remote code execution (RCE) due to the use of a hardcoded Ruby on Rails session cookie secret key. The Rails web component deserializes session cookies if the signing key is valid. Attackers with knowledge of this key can craft malicious session cookies that are deserialized by the application, leading to arbitrary code execution. This vulnerability is related to the known Ruby on Rails deserialization flaw (CVE-2013-0156). Infoblox did not assign a new CVE for this issue, as it is a result of the underlying Rails vulnerability.
File Snapshot

 id: infoblox-netmri-rails-cookie-rce

info:
  name: Infoblox NetMRI < 7.6.1 - Remote Code Execution 

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.