  • Ronin - Rails PoC exploits for CVE-2013-0156 and CVE-2013-0155

    ronin-ruby.github.com 10 Jan '13, 7am

    Next, [ActionDispatch::Http::Parameters] takes the parsed request parameters and merges them with the path parameters. Note that the path parameters are first merged into the request parameters, to ensure that the request parameters cannot override the path parameters. Also note that ...

  • Ronin - Rails PoC exploit for CVE-2013-0333

    ronin-ruby.github.com 29 Jan '13, 6am

    $ rails_omakase http://localhost:3000/secrets "puts 'lol'"
    lol
    Started POST "/secrets" for at 2013-01-28 18:53:18 -0800
    Processing by SecretsController#show as
    Parameters: {"_json"=>#<ActionDispatch::Routing::RouteSet::NamedRouteCollection:0x00000002221080 @routes={:"foo\nen...