CVE-2013-0156: Rails Object Injection

This exercise covers the exploitation of a code execution vulnerability in Ruby on Rails using XML and YAML.

PRO Medium < 1 Hr. 4053 Serialize Badge
Course

This course explores the exploitation of CVE-2013-0156, a vulnerability in Ruby on Rails that allows for arbitrary code execution through XML deserialization. By adapting a public exploit, learners will gain hands-on experience in achieving code execution on a server.

Skills covered
Injection Operating System Network
CWE-20
Included with PRO
Full course content 2 videos Common mistakes