
CVE-2013-0156 PoC — Ruby on Rails Input Validation Error Vulnerability

Associated Vulnerability
Title: Ruby on Rails Input Validation Error Vulnerability (CVE-2013-0156)
Description: active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Description
This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit.
Readme
# Original Script Reference
For more details on the original exploit script, refer to the original gist: [CVE-2013-0156](https://gist.github.com/postmodern/4499206).

# CVE-2013-0156 Exploit Script
This script is specifically designed to solve the challenge on **PentesterLab** for the CVE-2013-0156 exploit. You can access the challenge here: [PentesterLab - CVE-2013-0156 Challenge](https://pentesterlab.com/exercises/cve-2013-0156).

This Python script exploits **CVE-2013-0156**, a critical **remote code execution (RCE)** vulnerability in Ruby on Rails applications caused by insecure deserialization: the XML parameter parser casts values marked as YAML into Ruby objects, so an attacker can inject arbitrary code through a crafted YAML payload carried in an XML request body, leading to code execution on the target server.
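An added defender-side check, not part of this PoC or the gist it references: a Python function that flags XML request bodies carrying the Rails type-conversion attributes (`type="yaml"`, `type="symbol"`) that CVE-2013-0156 abuses, and rejects bodies with DOCTYPE/ENTITY declarations (the nested-entity DoS vector) without parsing them. The sample bodies are constructed and the function names are my own.

```python
import re
import xml.etree.ElementTree as ET

# Rails' XML parameter parser honoured a `type` attribute on each element and,
# before the fix, cast type="yaml" values through the YAML loader and
# type="symbol" values to Ruby symbols. Neither cast belongs in ordinary API
# input, so their presence alone is a strong signal.
DANGEROUS_TYPES = {"yaml", "symbol"}

# Entity declarations are the vector for the nested-entity DoS named in the
# CVE; an API request body has no legitimate reason to carry one.
DOCTYPE_RE = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def inspect_xml_body(body: str) -> list:
    """Return (kind, detail) findings for one XML request body.

    Bodies with a DOCTYPE are reported without being parsed at all, so the
    check itself can never be made to expand entities.
    """
    if DOCTYPE_RE.search(body):
        return [("doctype", "DOCTYPE/ENTITY declaration in request body")]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [("parse_error", str(exc))]
    findings = []
    for elem in root.iter():
        cast = elem.attrib.get("type", "").strip().lower()
        if cast in DANGEROUS_TYPES:
            findings.append(("type_cast", f'<{elem.tag} type="{cast}">'))
    return findings


def is_suspicious(body: str) -> bool:
    """True if the body should be logged or rejected before Rails parses it."""
    return bool(inspect_xml_body(body))


# Constructed sample bodies (not captured traffic). type="integer" is a
# harmless Rails cast and must not be flagged.
BENIGN = '<?xml version="1.0"?><user><name>alice</name><age type="integer">30</age></user>'
CAST = '<?xml version="1.0"?><user><name type="yaml">alice</name></user>'
ENTITY = '<?xml version="1.0"?><!DOCTYPE u [<!ENTITY a "aaaa">]><user><name>&a;</name></user>'

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("cast", CAST), ("entity", ENTITY)):
        print(label, inspect_xml_body(body))
```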

## Features

- **Payload Injection**: The script sends a crafted XML payload to the target URL, exploiting the deserialization vulnerability in vulnerable Rails applications (Rails 2.x and 3.x).
- **Customizable Target Version**: Supports specifying whether the target is Rails 2.x or 3.x, allowing more control over payload format.
- **Formatted Output**: The script presents a well-structured and visually appealing output with color-coded request and response details, making it easy to track the exploit's status and response.
- **Success Notification**: Upon successful exploitation, the script notifies the user that the exploit has been executed successfully.

## Usage

### Installation

Make sure you have the required Python packages installed by running:

```bash
pip install requests colorama pyyaml
```
### Running the Script

```bash
python exploit.py <URL> <PAYLOAD> [rails3|rails2] [--show]
```
### Example

```bash
python exploit.py http://example.com/payload example_payload rails3 --show
```
------
## Example Output
Upon successful execution, the script will display a color-coded output with the following sections:

- **Request**: Shows the URL, headers, and the XML payload being sent.
- **Response**: Displays the status code and the response body (truncated for large responses).
- **Success/Failure Notification**: Notifies you if the exploit was successful or if any error occurred.

## Important Notes
- **Use Responsibly**: This script is designed for educational purposes and should only be used on systems you have permission to test. Unauthorized exploitation of this vulnerability is illegal and unethical.
- **Rails Versions**: This script supports Rails 3.x and 2.x. Ensure the target is running a vulnerable version of Rails before attempting the exploit.
File Snapshot

```
[4.0K] /data/pocs/32059a5ed0ce0530dc0d1ad8ebc559af06eccb25
├── [5.8K] cve-2013-0156.py
└── [2.5K] README.md

0 directories, 2 files
```