lucasallan / CVE-2020-8163

CVE-2020-8163 - Remote code execution of user-provided local names in Rails

Installation Guide is added. #2

Open EmreOvunc opened 4 years ago

EmreOvunc commented 4 years ago

Installation Guide is added.

A step-by-step guide has been added for those who do not know how to install. It also solves the #1 issue.

cckuailong commented 3 years ago

I created a Docker image to make the vulnerable target easier.

docker pull vultarget/rails_ruby_rce-cve_2020_8163:4.2.11.1
docker run -it -p 3000:3000 -d vultarget/rails_ruby_rce-cve_2020_8163:4.2.11.1

you can the payload

Just run

ruby exploit.rb http://xxx:3000/main/index "touch /tmp/success"