Ruby 2.x Universal RCE Deserialization Gadget Chain

This exercise covers how to get code execution by using a Ruby Universal Gadget when an attacker controls the data passed to Marshal.load()

PRO

content

Medium difficulty

Less than an hour average completion time

1188 users completed this exercise

Course

Online access to this exercise is only available with PentesterLab PRO

Make sure you check out PentesterLab PRO and PentesterLab PRO Enterprise to develop your skills.