Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution
Posted by deepcore on May 3, 2019 – 5:00 am
This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload, load it by the application, and gain remote code execution.
Post a reply
You must be logged in to post a comment.