2 Videos for CVE-2013-0156: Rails Object Injection

PRO Tier | Medium | 4050 completed

CVE-2013-0156: Introduction

In this video, we discuss the CVE-2013-0156 vulnerability affecting Ruby on Rails, which allowed attackers to achieve code execution on the server due to flawed XML parsing. We highlight the versions impacted and provide an overview of how Rails' XML parser could be exploited.

Duration: 05:30 | Views: 1014

CVE-2013-0156 - exploitation

In this video, we explore the exploitation of CVE-2013-0156 as part of the Serialize Badge. We demonstrate how to use Docker to avoid installing dependencies on your local system and show steps for executing Ruby code to exploit the vulnerability.

Duration: 04:48 | Views: 5437