adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding new lines

Browse Source
This commit is contained in:
itsmeroy2012
2017-04-08 20:17:23 +05:30
committed by h00die
parent 88f6c90d4d
commit b7562e5c36
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/exploit/multi/http/rails_web_console_v2_code_exec.md
+10 -3
View File
@@ -3,7 +3,9 @@
This module exploits an IP whitelist bypass vulnerability in the developer web console included with Ruby on Rails 4.0.x and 4.1.x. This module will also achieve code execution on Rails 4.2.x if the attack is launched from a whitelisted IP range.
## Verification Steps
**Prerequisites :**
**Prerequisites:**
```
$ gem install rails -v 4.2.6
$ rails new taco
@@ -15,18 +17,23 @@ $ bundle
$ rails server
```
**Installing nodejs :**
**Installing nodejs:**
```
sudo apt-get install nodejs
```
**Launch msfconsole :**
**Launch msfconsole:**
1. Do: ```use exploit/multi/http/rails_web_console_v2_code_exec```
2. Do: ```set RHOSTS [IP]```
3. Do: ```set RPORT [Port]```
4. Do: ```run```
## Sample Output
### Rails version 4.2.6
```
msf > use exploit/multi/http/rails_web_console_v2_code_exec
msf exploit(rails_web_console_v2_code_exec) > set RHOST 192.168.0.106