CVE-2011-3187

Ruby on Rails 3.0.5 - Improper Input Validation in X-Forwarded-For Header


Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3187. PoCs published by Jimmy Bandit.

AI-analyzed exploit summary: This exploit demonstrates HTTP header injection in Ruby on Rails 3.0.5 by manipulating the 'X-Forwarded-For' header to inject arbitrary data, including spoofed IPs and binary payloads, affecting log files and potentially enabling date back attacks or DoS.

Description

The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.

Exploits (1)

exploitdb (working PoC, verified)
by Jimmy Bandit · rubyremotemultiple
https://www.exploit-db.com/exploits/35352

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Ruby on Rails 3.0.5
No auth needed
Prerequisites: Network access to the target server · Target server must be on the same subnet as the attacker
Analyzed by devstral-2 on Feb 16, 2026.

References (9)

Core References
- Third Party Advisory (mailing list, x_refsource_fulldisc): http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0337.html
- Patch (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/17/1
- Patch (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/22/13
- Patch (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/19/11
- Patch (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/20/1
- Exploit (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/22/14
- Patch (mailing list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/08/22/5

Scores

EPSS 0.0848
EPSS Percentile 92.6%

Details

CWE
CWE-20
Status published
Products (2)
rubygems/actionpack 2.3.0 - 2.3.13 (RubyGems)
rubyonrails/rails 3.0.5
Published Aug 29, 2011
Tracked Since Feb 18, 2026