29 Jan '13, 10pm

In case you missed it amidst the UPnP hoopla, Metasploit is not vuln to CVE-2013-0333 and has an exploit. The 411:

This afternoon, another scary advisory was posted to the Ruby on Rails security discussion list. Fortunately, this one doesn't affect any Metasploit products. The previous advisory (that HD talked about here) dealt with Rails parameter parsing of XML from a POST request. The short version is that XML can contain YAML, and YAML lets you deserialize instances of arbitrary classes. The one from this afternoon is very similar, except this time it's JSON parsing rather than XML parsing that can be coerced into YAML. Triggering the bug is relatively simple: just send a request with "Content-Type: application/json" and a bunch of YAML in the body. The result is exactly what we had with the XML -> YAML bug, i.e. you can do one of a few super fun things:

- Instantiate one of several builtin types including String, Fixnum, DateTime, etc
- Allocate an arbitrary Ruby object and call i...

Full article: https://community.rapid7.com/community/metasploit/blog/20...
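A defender's view of the condition the excerpt describes, as an added example that is not from the Rapid7 post or from Rails: it screens a body sent as application/json with a strict JSON parser and shows Ruby's standard-library `YAML.safe_load` refusing a class-tagged document. The function names and both sample bodies are constructed for illustration.

```ruby
require 'json'
require 'yaml'

# Constructed sample bodies (not taken from any real request or exploit).
BENIGN_BODY = '{"user": {"name": "alice", "age": 30}}'
TAGGED_BODY = "--- !ruby/object:OpenStruct\ntable:\n  name: alice\n"

# Hypothetical screening helper: returns the reasons a body that claims to be
# JSON should be rejected or logged. An empty list means nothing was flagged.
def screen_json_request(content_type, body)
  return [] unless content_type.to_s.downcase.start_with?('application/json')

  reasons = []
  begin
    JSON.parse(body) # strict JSON parser, never hands the text to YAML
  rescue JSON::ParserError
    reasons << :not_valid_json
  end
  # YAML type tags such as "!ruby/object:" have no place in a JSON document.
  reasons << :yaml_type_tag if body.match?(%r{!ruby/\w+})
  reasons
end

# Hypothetical wrapper: parse untrusted YAML without instantiating arbitrary
# classes. safe_load builds only basic types and raises on any other tag.
def load_untrusted_yaml(text)
  { ok: true, value: YAML.safe_load(text) }
rescue Psych::DisallowedClass, Psych::BadAlias => e
  { ok: false, error: e.class.name }
end

if __FILE__ == $PROGRAM_NAME
  [BENIGN_BODY, TAGGED_BODY].each do |body|
    puts "screen: #{screen_json_request('application/json', body).inspect}"
    puts "safe_load: #{load_untrusted_yaml(body).inspect}"
  end
end
```

The tag check matches on text alone, so a legitimate JSON string containing `!ruby/` would also be flagged; treat that reason as a logging signal rather than proof of an attack.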

Tweets

Ruby on Rails JSON Processor YAML Deserializati...

packetstormsecurity.com 29 Jan '13, 4pm

This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails a...