Deserialisation
md на github о десере в Ruby: https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
Marshal.load(<user_input>) = RCE
Ruby Marshal+Base64 RCE payload playground/generator: https://repl.it/@allyshka/Ruby-RCE-with-Marshalload
Other guide: https://www.elttam.com/blog/ruby-deserialization/
YAML.load(<user_input>) = RCE
Rails 5.1.4 YAML unsafe deserialization RCE payload
Example: https://gist.github.com/niklasb/df9dba3097df536820888aeb4de3284f
Точно работает на Rails 5.1.4
Пример payload:
Last updated