CVE-2019-5420
This exercise details the exploitation of CVE-2019-5420 to forge a session as another user.
This course delves into exploiting a vulnerability in Ruby on Rails' development mode, identified as CVE-2019-5420. In this mode, the application derives its session key from the application's name, so an attacker who knows the application name can guess the encryption key. With the encryption key, attackers can decrypt, modify, and re-encrypt session data, effectively allowing them to forge sessions.
The course walks through the process of writing a custom tool to exploit this vulnerability. It guides you through Rails' internals, highlighting critical files and methods like message_encryptor.rb, key_generator.rb, and application.rb. By understanding these components, participants learn to decrypt a session, alter the user_id, and re-encrypt the session. The exercise concludes with the practical application of these concepts to demonstrate the vulnerability and its impact.