infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add a note about ruby 1.9 requirements

bug/bundler_fix
HD Moore 2013-01-10 17:10:03 -06:00
parent c89b2b2ec6
commit 9c652d1d55
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
View File

@ -23,13 +23,18 @@ class Metasploit3 < Msf::Exploit::Remote
any ruby code remotely in the context of the application.
This module has been tested across multiple versions of RoR 3.x and RoR 2.x
The technique used by this module requires the target to be running a fairly version
of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be
exploitable using the init_with() method, but this has not been demonstrated.
},
'Author' =>
[
'charliesome', # PoC
'espes', # PoC and Metasploit module
'lian', # Identified the RouteSet::NamedRouteCollection vector
'hdm' # Module merge/conversion/payload work
'espes', # PoC and Metasploit module
'lian', # Identified the RouteSet::NamedRouteCollection vector
'hdm' # Module merge/conversion/payload work
],
'License' => MSF_LICENSE,
'References' =>