Home / os / winmobile

Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution

Posted on 02 May 2019

This Metasploit module exploits a vulnerability in Ruby on Rails. In development mode, a Rails application would use its name as the secret_key_base, and can be easily extracted by visiting an invalid resource for a path. As a result, this allows a remote user to create and deliver a signed serialized payload, load it by the application, and gain remote code execution.

 

TOP

Malware :

Exploits :