2 Videos for CVE-2013-0156: Rails Object Injection

Tier: PRO
Difficulty: Medium
Time: < 1 Hr.
Users completed: 3975
CVE-2013-0156: Introduction

In this video, we discuss the CVE-2013-0156 vulnerability affecting Ruby on Rails, which allowed attackers to achieve code execution on the server due to flawed XML parsing. We highlight the versions impacted and provide an overview of how Rails' XML parser could be exploited.

Video duration: 05:30. Views: 928.

 

CVE-2013-0156 - exploitation

In this video, we explore the exploitation of CVE-2013-0156 as part of the Serialize Badge. We demonstrate how to use Docker to avoid installing dependencies on your local system and show steps for executing Ruby code to exploit the vulnerability.

Video duration: 04:48. Views: 5297.