CVE-2021-33564 Argument Injection in Ruby Dragonfly


This exercise covers how to obtain an arbitrary file read using CVE-2021-33564 against Refinery CMS.

PRO Medium < 1 Hr. 149 Media Badge
Course

This challenge is based on ZX Security's discovery of CVE-2021-33564, an argument injection vulnerability in Ruby Dragonfly. Your goal is to exploit this issue to read the file /myapp/key.txt.

Skills covered
Injection, Operating System, Network
CWE-88
