Ruby on Rails - Known Secret Session Cookie Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank =...

Ruby on Rails Known Secret Session Cookie Remote Code Execution

This Metasploit module implements remote command execution on Ruby on Rails applications. Prerequisite is knowledge of the "secrettoken" Rails 2/3 or "secretkeybase" Rails 4. The values for those can be usually found in the file "RAILSROOT/config/initializers/secrettoken.rb". The module achieves...