Ruby 2.x Universal RCE Deserialization Gadget Chain
This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()
Course
Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.