Ruby on Rails Code Execution Vulnerability (CVE-2020-8163): technical analysis, research, judgment and protection
2022-07-26 06:37:00 【Thousand miles:)】
Vulnerability profile
Ruby on Rails is an open-source web application framework developed by the Rails team and written in the Ruby language.
A code injection vulnerability exists in Ruby on Rails versions before 5.0.1. A remote attacker can exploit it by sending a crafted request to execute arbitrary code.
Scope
Rails < 5.0.1
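To check whether an application falls inside this scope, the following added example (not part of the original article or of the Rails project) reads a Gemfile.lock and reports locked versions below the thresholds this page gives. Assumptions: the "< 4.2.11.2" in the exploit header is read as 4.2.11.2 being the fixed release on the 4.2 line, the actionview gem is checked alongside rails, and the lockfile text is a constructed sample.

```ruby
require "rubygems" # provides Gem::Version

# Thresholds taken from this page: "Rails < 5.0.1" and "< 4.2.11.2".
FIXED_5_0 = Gem::Version.new("5.0.1")
FIXED_4_2 = Gem::Version.new("4.2.11.2") # assumption: fixed release on the 4.2 line
# Assumption: actionview (template rendering) is versioned in lockstep with rails.
WATCHED = %w[rails actionview].freeze

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    actionview (4.2.11.1)
      activesupport (= 4.2.11.1)
    rails (4.2.11.1)
      actionview (= 4.2.11.1)
    rake (13.0.6)
LOCK

# Collect resolved versions: spec entries are indented by exactly four spaces,
# dependency constraints by six, so the constraints are skipped.
def locked_versions(lock_text)
  lock_text.each_line.each_with_object({}) do |line, found|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)\s]+)\)\s*\z/)
    next unless m && WATCHED.include?(m[1]) && Gem::Version.correct?(m[2])
    found[m[1]] = Gem::Version.new(m[2])
  end
end

# True when a version is below 5.0.1 and is not a fixed 4.2.x release.
def in_scope?(version)
  return false if version >= FIXED_5_0
  on_4_2_line = version.segments[0, 2] == [4, 2]
  !(on_4_2_line && version >= FIXED_4_2)
end

# Return "name version" strings for every watched gem that is in scope.
def audit_lockfile(lock_text)
  locked_versions(lock_text).select { |_name, v| in_scope?(v) }
                            .map { |name, v| "#{name} #{v}" }
end

puts audit_lockfile(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```
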
Environment setup
Refer to https://github.com/QianliZLP/CVE-2020-8163- for the environment setup.
Vulnerability reproduction
Exp:
exploit.rb
#!/usr/bin/ruby
# Exploit Title: Remote code execution of user-provided local names in Rails < 5.0.1 and < 4.2.11.2
# Vendor Homepage: www.rubyonrails.org
# Software Link: www.rubyonrails.org
# V