CVE-2015-3224

This Metasploit module exploits CVE-2015-3224, an IP whitelist bypass vulnerability in Ruby on Rails Web Console (v2), allowing remote code execution by injecting payloads via manipulated HTTP headers and session data.

This exploit leverages an IP whitelist bypass vulnerability in Ruby on Rails Web Console (v2) to execute arbitrary commands. It probes for the console path and spawns an interactive shell by sending commands via HTTP PUT requests with crafted headers.

This is a modified Metasploit module for CVE-2015-3224, which exploits an IP whitelist bypass vulnerability in Ruby on Rails Web Console v2 to achieve remote code execution. The modification allows arbitrary command execution instead of just reverse/bind shells.

This is a functional Node.js exploit for CVE-2015-3224, targeting Ruby on Rails applications with vulnerable `web-console` gem versions. It bypasses IP whitelist protection via spoofed `X-Forwarded-For` headers to achieve unauthenticated RCE.

This repository contains a Python script that exploits CVE-2015-3224, an IP whitelist bypass vulnerability in Ruby on Rails 4.0.x and 4.1.x, allowing remote code execution via the web console by spoofing the X-Forwarded-For header.

This PoC exploits CVE-2015-3224, a command injection vulnerability in the web console of the target software. It downloads and executes a reverse shell script (pty.py) via a malicious HTTP request, establishing a connection back to the attacker.

This Metasploit module exploits CVE-2015-3224, an IP whitelist bypass in Ruby on Rails Web Console (v2), allowing remote code execution via crafted HTTP requests with manipulated headers.