| ⌘T | go to file |
| ⌘⌃P | go to project |
| ⌘R | go to methods |
| ⌃G | go to line |
| ⌘KB | toggle side bar |
| ⌘⇧P | command prompt |
postmodern
/ rails_rce.rb
Last active
March 5, 2025 00:46
Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # | |
| # Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156) | |
| # | |
| # ## Advisory | |
| # | |
| # https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion | |
| # | |
| # ## Caveats | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * A PTRACE_POKEDATA variant of CVE-2016-5195 | |
| * should work on RHEL 5 & 6 | |
| * | |
| * (un)comment correct payload (x86 or x64)! | |
| * $ gcc -pthread c0w.c -o c0w | |
| * $ ./c0w | |
| * DirtyCow root privilege escalation | |
| * Backing up /usr/bin/passwd.. to /tmp/bak | |
| * mmap fa65a000 |
Note : FinalWire, you can keep trying to stop us, but you can't. You know why ? You've been using the same algorithm for 10 years. Changing it would be an inconvenience for you and your customers.
By the way, I'd suggest that you proofread your DMCA requests. If you didn't know, it's "generated" and not "genereated". Also, when referencing to someone's belonging you use the possessive form "their" and not "there".
FOR EDUCATIONAL PURPOSES ONLY, PLEASE SUPPORT THE DEVELOPPERS :)
Check BLACKLISTED for blacklisted keys