lucasallan / CVE-2020-8163

CVE-2020-8163 - Remote code execution of user-provided local names in Rails

Installation process? #1

Open PunitTailor55 opened 4 years ago

PunitTailor55 commented 4 years ago

Hi Sir! I would like to try this vulnerability on my local machine. Could you possibly provide installation steps or a Docker installation? Thank you in advance.

EmreOvunc commented 4 years ago

You can check my pull request -> https://github.com/sh286/CVE-2020-8163/pull/2

cckuailong commented 3 years ago

I created a Docker image to make the vuln target easier.

docker pull vultarget/rails_ruby_rce-cve_2020_8163:4.2.11.1
docker run -it -p 3000:3000 -d vultarget/rails_ruby_rce-cve_2020_8163:4.2.11.1

you can the payload

Just run

ruby exploit.rb http://xxx:3000/main/index "touch /tmp/success"