Ruby CVEs

CVE list: https://www.ruby-lang.org/ru/security/

Deserialization

CVE-2020-8165 Deserialization

Description: https://hackerone.com/reports/413388

Check: search the code for raw: true

CVE-2020-8165 is a deserialization vulnerability in Ruby on Rails. Test Lab: https://github.com/masahiro331/CVE-2020-8165
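
An added example, not from the original page or the Rails project: a small Ruby audit helper for the raw: true check above. It reports every line that sets raw to true (both hash syntaxes) and marks the hits that sit on or just below a cache read/write call; the sample source, the 3-line lookback and all names are assumptions made for illustration.

```ruby
# Added example: audit helper for the "raw: true" check (names are illustrative).
RAW_TRUE   = /(?:\braw:|:raw\s*=>|["']raw["']\s*=>)\s*true\b/
CACHE_CALL = /\bcache\.(?:fetch|read|write)(?:_multi)?\b/
LOOKBACK   = 3 # assumption: a multi-line cache call opens at most 3 lines above

Finding = Struct.new(:path, :line, :code, :cache_call)

def comment?(text)
  text.lstrip.start_with?("#")
end

# Returns one Finding per non-comment line that sets raw to true.
# cache_call is true when a cache read/write call appears on that line or
# within LOOKBACK lines above it; those hits deserve review first.
def scan_source(path, source)
  lines = source.lines.map(&:chomp)
  lines.each_with_index.map do |text, idx|
    next if comment?(text) || !text.match?(RAW_TRUE)
    window = lines[[idx - LOOKBACK, 0].max..idx]
    near = window.any? { |l| !comment?(l) && l.match?(CACHE_CALL) }
    Finding.new(path, idx + 1, text.strip, near)
  end.compact
end

# Walks a source tree; scrub keeps files with invalid bytes from raising.
def scan_tree(root)
  Dir.glob(File.join(root, "**", "*.{rb,erb,rake}")).sort.flat_map do |path|
    scan_source(path, File.binread(path).force_encoding("UTF-8").scrub)
  end
end

# Constructed sample input, not taken from any real application.
SAMPLE = <<~'RUBY'
  class ProfilesController < ApplicationController
    def show
      # Rails.cache.fetch("x", raw: true)  (commented out, ignored)
      @bio = Rails.cache.fetch("bio/#{params[:id]}", raw: true) { params[:bio] }
      Rails.cache.write(
        "views/#{params[:id]}",
        params[:count],
        :raw => true
      )
      render json: { raw: true }
      Rails.cache.read("plain", raw: false)
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  hits = ARGV[0] ? scan_tree(ARGV[0]) : scan_source("sample.rb", SAMPLE)
  hits.each { |f| puts "#{f.path}:#{f.line}: #{f.cache_call ? 'REVIEW' : 'check'}  #{f.code}" }
end
```

Run it with an application root as the first argument; with no argument it scans the constructed sample.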

CVE-2019-5420 Active Storage RCE Deser

Active Storage is a mechanism in Rails that simplifies uploading files to cloud storage services (Amazon S3, Google Cloud Storage).

It is reachable at URLs under /rails/active_storage/*

For example: /rails/active_storage/disk/<base64-message>--<sign>

PoC: https://github.com/knqyf263/CVE-2019-5420

Full description: https://www.zerodayinitiative.com/blog/2019/6/20/remote-code-execution-via-ruby-on-rails-active-storage-insecure-deserialization

File Read

CVE-2019-5418 File Read

link: https://github.com/mpgn/CVE-2019-5418

Analysis: https://blog.pentesterlab.com/cve-2019-5418-on-waf-bypass-and-caching-10e93f9a1981

The gist: set the Accept header to:

Accept: ../../../../../../../../etc/passwd{{
