CVE-2015-3224
NUCLEIrubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
Title source: llmExploitation Summary
EIP tracks 7 public exploits for CVE-2015-3224.
PoCs published by Metasploit, 0xEval, 0x00-0x00, including Metasploit module exploits/multi/http/rails_web_console_v2_code_exec.
A Nuclei detection template is also available.
AI-analyzed exploit summary This Metasploit module exploits CVE-2015-3224, an IP whitelist bypass vulnerability in Ruby on Rails Web Console (v2), allowing remote code execution by injecting payloads via manipulated HTTP headers and session data.
Description
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
Exploits (7)
This Metasploit module exploits CVE-2015-3224, an IP whitelist bypass vulnerability in Ruby on Rails Web Console (v2), allowing remote code execution by injecting payloads via manipulated HTTP headers and session data.
This exploit leverages an IP whitelist bypass vulnerability in Ruby on Rails Web Console (v2) to execute arbitrary commands. It probes for the console path and spawns an interactive shell by sending commands via HTTP PUT requests with crafted headers.
This is a modified Metasploit module for CVE-2015-3224, which exploits an IP whitelist bypass vulnerability in Ruby on Rails Web Console v2 to achieve remote code execution. The modification allows arbitrary command execution instead of just reverse/bind shells.
This is a functional Node.js exploit for CVE-2015-3224, targeting Ruby on Rails applications with vulnerable `web-console` gem versions. It bypasses IP whitelist protection via spoofed `X-Forwarded-For` headers to achieve unauthenticated RCE.
This repository contains a Python script that exploits CVE-2015-3224, an IP whitelist bypass vulnerability in Ruby on Rails 4.0.x and 4.1.x, allowing remote code execution via the web console by spoofing the X-Forwarded-For header.
This PoC exploits CVE-2015-3224, a command injection vulnerability in the web console of the target software. It downloads and executes a reverse shell script (pty.py) via a malicious HTTP request, establishing a connection back to the attacker.
This Metasploit module exploits CVE-2015-3224, an IP whitelist bypass in Ruby on Rails Web Console (v2), allowing remote code execution via crafted HTTP requests with manipulated headers.