Web Console Version 0.1B

3/14/2023

This post is meant to give you an understanding of the vulnerability and ways to exploit it. The exploits are in the wild and affect all Ruby on Rails web applications on versions 4.0.x and 4.1.x where the web console is enabled, which is the default in the development and test environments.

The vulnerability lies in the IP whitelist of the developer web console, which exists so that only allowed IPs can view the web console. The exploit crafts a remote request that spoofs its origin, bypassing the IP whitelist to use the web console. This results in Remote Code Execution (RCE) on the target web application. The exploit also results in code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range. If the whitelisted IP is localhost, you might need to use a local proxy to exploit this application.

When dealing with the web, I like to use the Python requests library since it is very easy to use. The first part is to get a 404 on the Rails application.
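A defender-side check for the conditions described above, as an added example that is not part of the original post: it reads Gemfile.lock text and reports whether the locked Rails series and the web-console gem match the combinations the post names. The sample lockfile, function names and status labels are constructed for illustration, and the gem's presence alone does not show which environments enable it.

```ruby
# Added example (not from the original post): audit a Gemfile.lock against the
# Rails / web-console combinations this post describes.
require "rubygems" # provides Gem::Version

# Constructed sample lockfile excerpt, for demonstration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.1.8)
        rack (~> 1.5.2)
      rails (4.1.8)
        actionpack (= 4.1.8)
      web-console (2.0.0)
        railties (>= 4.0)
LOCK

# Resolved specs sit at exactly four spaces of indentation; their dependency
# constraints sit at six and are skipped. Returns { "gem" => "version" }.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, specs|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    specs[m[1]] = m[2] if m
  end
end

# Classification follows the post: 4.0.x and 4.1.x are affected; 4.2.x is
# affected when the request comes from a whitelisted IP range.
def audit(lock_text)
  specs = locked_versions(lock_text)
  rails = specs["rails"]
  return { status: :no_rails, rails: nil, web_console: nil } unless rails

  console = specs["web-console"]
  series = Gem::Version.new(rails).segments.first(2)
  status =
    if console.nil? then :console_absent
    elsif [[4, 0], [4, 1]].include?(series) then :affected
    elsif series == [4, 2] then :affected_from_whitelisted_ip
    else :not_listed_in_post
    end
  { status: status, rails: rails, web_console: console }
end

puts audit(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

A result other than `:console_absent` is a prompt to confirm that the web console is limited to the development and test environments and is not reachable from outside the host.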