cve-2019-5420 II

This exercise details the exploitation of CVE-2019-5420 to gain code execution

< 1 Hr.
Green Badge


In this course, we delve into a specific vulnerability (CVE-2019-5420) present in Ruby-on-Rails applications running in development mode. The vulnerability arises from the application deriving its session encryption key from the application's name, making it possible for attackers to guess the key if they know the app name. Once the key is known, attackers can decrypt, tamper with, and re-encrypt session data, potentially leading to code execution if the data is serialized using `marshal`.

We begin by understanding the bug and reviewing the patch that addresses it. The course then guides you through a step-by-step exploitation process, leveraging knowledge from previous exercises like `ruby_ugadget` and `CVE-2019-5420`. By following along, you'll learn how to inspect cookie values, use deserialization gadgets, and execute payloads to achieve code execution. The course concludes with practical tips on identifying the issue during code reviews and exploiting ActiveStorage if it is used by the application.

Want to learn more? Get started with PentesterLab Pro! GO PRO