infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More explicit title, grammar check on description

bug/bundler_fix
Tod Beardsley 2013-08-09 12:27:45 -05:00
parent 13ea8aaaad
commit 969b380d71
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/exploits/multi/http/rails_secret_deserialization.rb
View File

@ -100,13 +100,13 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Ruby on Rails Session Cookie Remote Code Execution', 'Name' => 'Ruby on Rails Known Secret Session Cookie Remote Code Execution',
'Description' => %q{ 'Description' => %q{
This module implements Remote Command Execution on Ruby on Rails applications. This module implements Remote Command Execution on Ruby on Rails applications.
Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base"
(Rails 4). The values for those can be usually found in the file (Rails 4). The values for those can be usually found in the file
"RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by "RAILS_ROOT/config/initializers/secret_token.rb". The module achieves RCE by
deserialization of some crafted Ruby Object deserialization of a crafted Ruby Object.
}, },
'Author' => 'Author' =>
[ [