Ruby 2.x Universal RCE Deserialization Gadget Chain

This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()

PRO

content

EASY

Difficulty

Less than an hour

on average

322

Completed this exercise

Course

Online access to this exercise is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.