CVE-2016-2098 PoC — Ruby on Rails Action Pack 安全漏洞

Source

https://github.com/0x00-0x00/CVE-2016-2098

Associated Vulnerability

Title:Ruby on Rails Action Pack 安全漏洞 (CVE-2016-2098)
Description:Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Description

Ruby On Rails unrestricted render() exploit

Readme

# CVE-2016-2098
Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. 

# Resources
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2098

# Usage
To use this exploit script, you need three parameters.
    1. The web page URL of the vulnerable web-server.
    2. The vulnerable parameter that might inject commands. 
    3. A shell command to execute in the remote server.


![Screenshot1](img/1.JPG?raw=true)

After succesfully executing the exploit, you'll be able to read the output of your command, somewhere in the response page, like below:


![Screenshot2](img/2.JPG?raw=true)

# Author
I am not the author of the vulnerability.

I am the author of this exploit program written in Golang.

If you decide to use it or modify it in any way, please don't strip the credits from it.

File Snapshot


 [4.0K]  /data/pocs/c5cb68de45456e8874a5d50d3a287f7c2b9e3c28
├── [4.0K]  img
│   ├── [ 26K]  1.JPG
│   └── [ 23K]  2.JPG
├── [1.9K]  main.go
├── [ 958]  README.md
└── [5.5M]  rubyonrails-cve-2016-2098

1 directory, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!