Exploiting Arbitrary File Write Vulnerability in Restricted Rails Apps via Bootsnap for Remote Code Execution (RCE)

This repository contains a vulnerable application and corresponding exploits to demonstrate a technique for obtaining remote code execution (RCE) through arbitrary file writes in restricted Rails apps via Bootsnap.

You can read the details in this blogpost here.

Running the vulnerable app

cd vulnerable_app
docker build -t my-app .
docker run --rm -p 3000:3000 --name my-app -e RAILS_MASTER_KEY=50584fc86b1efe7e0760f2b28f31744b my-app

Installing required gem for the exploits

gem install httparty

Running the exploit

ruby xpl.rb

Running the exploit with database

ruby xpl_db.rb

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
vulnerable_app		vulnerable_app
README.md		README.md
gen_db.rb		gen_db.rb
ruby_database.json		ruby_database.json
xpl.rb		xpl.rb
xpl_db.rb		xpl_db.rb

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Exploiting Arbitrary File Write Vulnerability in Restricted Rails Apps via Bootsnap for Remote Code Execution (RCE)

Running the vulnerable app

Installing required gem for the exploits

Running the exploit

Running the exploit with database

About

Releases

Packages

Languages

convisolabs/rails_arb_file_write_bootsnap

Folders and files

Latest commit

History

Repository files navigation

Exploiting Arbitrary File Write Vulnerability in Restricted Rails Apps via Bootsnap for Remote Code Execution (RCE)

Running the vulnerable app

Installing required gem for the exploits

Running the exploit

Running the exploit with database

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages