2 Videos for CVE-2013-0156: Rails Object Injection

Access to videos for this exercise is only available with PentesterLab PRO
CVE-2013-0156: Introduction
In this video, we discuss the CVE-2013-0156 vulnerability affecting Ruby on Rails, which allowed attackers to achieve code execution on the server due to flawed XML parsing. We highlight the versions impacted and provide an overview of how Rails' XML parser could be exploited.

CVE-2013-0156 - exploitation
In this video, we explore the exploitation of CVE-2013-0156 as part of the Serialize Badge. We demonstrate how to use Docker to avoid installing dependencies on your local system and show steps for executing Ruby code to exploit the vulnerability.