CVE-2019-5418

This exploit leverages CVE-2019-5418, a directory traversal vulnerability in Ruby on Rails, by manipulating the 'Accept' header to disclose arbitrary file contents. The script sends a crafted HTTP request with a malicious header to read files from the server.

This repository contains a working proof-of-concept for CVE-2019-5418, demonstrating file content disclosure in Ruby on Rails via crafted Accept headers. The exploit leverages a vulnerability in Action View's `render file:` functionality to read arbitrary files on the server.

This repository contains a working exploit for CVE-2019-5418 and CVE-2019-5420, which chain a path traversal vulnerability with a deserialization flaw in Ruby on Rails 5.2.2 to achieve remote code execution (RCE). The exploit retrieves encrypted credentials and the master key, decrypts them, and crafts a malicious request to execute arbitrary code on the server.

This is a multi-threaded Golang scanner designed to identify Ruby endpoints vulnerable to CVE-2019-5418 by attempting to read /etc/passwd via path traversal in the Accept header. It supports both single-target and bulk scanning with various configuration options.

This is a Go-based scanner for CVE-2019-5418, which targets a path traversal vulnerability in Rails applications. It checks for the presence of '/usr/sbin/nologin' in the response body, indicating a vulnerable system, and logs results to 'rails.log'.

This repository contains a working proof-of-concept for CVE-2019-5418, a file content disclosure vulnerability in Rails. The exploit leverages the Accept header to trigger a path traversal, exposing sensitive files like /etc/passwd.

This is a functional exploit for CVE-2019-5418, a directory traversal vulnerability in Ruby on Rails. It allows arbitrary file reads via crafted Accept headers and includes brute-forcing capabilities for sensitive files.

This PoC exploits CVE-2019-5418, a path traversal vulnerability in Ruby on Rails that allows unauthorized access to arbitrary files by manipulating the render file parameter. The script checks for the presence of the vulnerability by attempting to read the /robots file and verifying if the response contains 'root'.

The repository contains a Python script that scans for CVE-2019-5418, a path traversal vulnerability in Ruby on Rails. It sends a crafted HTTP request with a malicious Accept header to attempt reading /etc/passwd and checks for a specific string in the response to determine vulnerability.

This repository provides a proof-of-concept for CVE-2019-5418, a path traversal vulnerability in Ruby on Rails that allows arbitrary file reads via manipulated Accept headers. The PoC includes a Docker-based environment for testing and a curl command to exploit the vulnerability.

This repository contains a proof-of-concept (PoC) application for CVE-2019-5418, a vulnerability in Rails 3. The PoC demonstrates the vulnerability by rendering a README file, but does not include explicit exploit code or payloads.

This repository contains a working proof-of-concept for CVE-2019-5418, a directory traversal vulnerability in Rails. The exploit demonstrates how an attacker can read arbitrary files on the server by manipulating the Accept header.

This Metasploit module exploits CVE-2019-5418, a path traversal vulnerability in Ruby on Rails versions <= 5.2.2, to read arbitrary files on the target server by manipulating the 'Accept' header.