2 Videos for CVE-2013-0156: Rails Object Injection

PRO
Tier
Medium
< 1 Hr.
3951
CVE-2013-0156: Introduction

In this video, we discuss the CVE-2013-0156 vulnerability affecting Ruby on Rails, which allowed attackers to achieve code execution on the server due to flawed XML parsing. We highlight the versions impacted and provide an overview of how Rails' XML parser could be exploited.

Duration: 05:30 | Views: 898

Spoiler
CVE-2013-0156 - exploitation

In this video, we explore the exploitation of CVE-2013-0156 as part of the Serialize Badge. We demonstrate how to use Docker to avoid installing dependencies on your local system and show steps for executing Ruby code to exploit the vulnerability.

Duration: 04:48 | Views: 5256