Shulou(Shulou.com)05/31 Report--

How to reproduce the Ruby On Rails vulnerability cve-2019-5418? aiming at this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

0x01 vulnerability details

Ruby on Rails is a set of Web development framework developed using Ruby, which is very productive, maintainable and easy to deploy. It is one of the preferred frameworks for Web application development in the world.

The view outside the application is rendered in the form of render file in the controller, and the specific location of the file is determined based on the Accept header passed in by the user. We pass in Accept:.. /.. / etc/passwd {{to form a construction path traversal vulnerability to read arbitrary files. The function of {{is to close the template path.

0x02 affects version

Rails 6.0.0.beta3,5.2.2.1,5.1.6.2,5.0.7.2,4.2.11.1

0x03 vulnerability exploitation

First access the target address http://219.153.49.228:40300/

Then let's do practical exercises and casually visit a path that does not exist.

As you can see, the error was indeed reported, and then the robots path was leaked, and we tried to visit

Use burp to grab the package on this page, send it to repeater, and then modify accpte to.. /.. / etc/passwd {{

It was supposed to be like this.

We use.. / for path traversal and read etc/passwd

Payload: Accept:.. / etc/passwd {{

The key value was read successfully

This is the answer to the question about how to reproduce the Ruby On Rails vulnerability cve-2019-5418. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.