Name | rails_activestorage_rce |
---|---|
CVE | CVE-2019-5420 Exploit Pack |
VENDOR: Rails | |
NOTES: |
The vulnerability resides in the ActionStorage component of Ruby on Rails due to insufficient validation
on Marshal.load().
This exploit works with Ruby On Rails applications in production, which must be vulnerable to Arbitrary File Disclosure (CVE-2019-5418),
configuration files are read in order to obtain the secret_key used to sign the encoded object sent in the URL.
IMPORTANT: In the path textfield you need to put a controller vulnerable to CVE-2019-5418.
Vulnerable Rails versions:
Tested on:
Repeatability: Infinite
References: https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-5420
Date public: 13/03/2019