29 Jan '13, 3pm

[remote] - Ruby on Rails JSON Processor YAML Deserialization Code Execution: Ruby on Rails JSON Processor YAML D...

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. # http://metasploit.com/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::CmdStagerTFTP include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Ruby on Rails JSON Processor YAML Deserialization Code Execution', 'Description' => %q{ This module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This vulnerability is very similar to CVE...

Full article: http://www.exploit-db.com/exploits/24434/

Tweets

Ruby on Rails JSON Processor YAML Deserializati...

packetstormsecurity.com 29 Jan '13, 4pm

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails a...

Vulnerability in JSON Parser in Ruby on Rails 3...

groups.google.com 28 Jan '13, 9pm

Dieser Browser wird nicht unterstützt.

Vulnerability in JSON Parser in Ruby on Rails 3...

groups.google.com 28 Jan '13, 9pm

Dieser Browser wird nicht unterstützt.

#Vulnerabilities Ruby on Rails JSON Processor Y...

net-security.org 03 Feb '13, 7am

Cisco shows the global picture of information security Posted on 31 January 2013. | Cisco released findings from two globa...

Ruby on Rails の JSON 解析処理に脆弱性

jvn.jp 29 Jan '13, 3am

Ruby on Rails [SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! Vulnerability in JSON Parser in Ruby on Rails 3.0 an...

Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行される脆弱性(CVE-2013-0333)に関する検証レポート -

Ruby on Rails の JSON のパラメータ解析の脆弱性により任意のコードを実行され...

security.intellilink.co.jp 01 Feb '13, 5am

Vulnerability Note VU#628463: Ruby on Rails 3.0 and 2.3 JSON Parser vulnerability http://www.kb.cert.org/vuls/id/628463

Ruby on Rails Programming by zscorp: We need to...

freelancer.com 28 Jan '13, 9pm

Freelancer.com (formerly GetAFreelancer) is the world's largest outsourcing and crowdsourcing marketplace for small busine...

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...

#Vulnerabilities Ruby on Rails XML Processor YA...

net-security.org 22 Jan '13, 6pm

active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and ...

Ruby on Rails receives the third security patch...

news.techworld.com 30 Jan '13, 9am

Developers of the Ruby on Rails web development framework have released versions 3.0.20 and 2.3.16 of the software in orde...

Ruby on Rails by ChrisAlberg

freelancer.com 04 Feb '13, 8am

love talk greater detail design project can samples work site listed please contact convenience best regards juli , thanks...

Weitere kritische Lücke in Ruby on Rails geschl...

heise.de 29 Jan '13, 2pm

Das Ruby-Entwicklerteam hat eine sehr kritische Lücke in dem Web-Framework Ruby on Rails (RoR) geschlossen, durch die ein ...