This exercise details the exploitation of CVE-2019-5420 to forge a session as another user

2-4 Hrs.
Green Badge


This course delves into exploiting a vulnerability in Ruby-on-Rails' development mode, identified as CVE-2019-5420. In this mode, the application derives the key used to encrypt session cookies from the application's name, so anyone who knows the application name can recompute the encryption key. With that key, attackers can decrypt, modify, and re-encrypt session data, effectively allowing them to forge sessions.

The course walks through the process of writing a custom tool to exploit this vulnerability. It guides participants through Rails' internals, highlighting critical files and methods such as `message_encryptor.rb`, `key_generator.rb`, and `application.rb`. By understanding these components, participants learn to decrypt a session, alter the `user_id`, and re-encrypt the session. The exercise concludes with the practical application of these concepts to demonstrate the vulnerability and its impact.
