METASPLOIT-modules/auxiliary/gather/rails_doubletap_file_read.rb

METASPLOIT ruby WORKING POC

Exploit for CVE-2019-5418 - Ruby On Rails File Content Disclosure (

AI Analysis

This Metasploit module exploits CVE-2019-5418, a path traversal vulnerability in Ruby on Rails versions <= 5.2.2, to read arbitrary files on the target server by manipulating the 'Accept' header.

Attack Type

info_leak

Complexity

trivial

Reliability

reliable

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

Loading exploit code...

Download ZIP Password: eip

Source

Platform Metasploit

Type poc

Language ruby

Files 1

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/rails_doubletap_file_read.rb

Authors

Carter Brainerd John Hawthorn

Vulnerability

CVE-2019-5418

Ruby On Rails File Content Disclosure (

HIGH KEV

CVSS 7.5