CVE-2020-8165

This repository contains a functional exploit for CVE-2020-8165, a deserialization vulnerability in Ruby on Rails. The exploit leverages the `ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy` class to achieve remote code execution (RCE) by crafting a malicious payload that is deserialized when processed by the Rails application.

This repository contains a functional Python exploit for CVE-2020-8165, targeting Rails applications with vulnerable MemCacheStore/RedisCacheStore deserialization. The exploit crafts a malicious payload to achieve remote code execution (RCE) via object unmarshaling.

This repository contains a functional exploit PoC for CVE-2020-8165, demonstrating a deserialization vulnerability in Rails < 5.2.4.3 and < 6.0.3.1. The PoC includes a Dockerized Rails application with a vulnerable caching mechanism that can be exploited to achieve RCE via crafted payloads.

This repository contains a functional exploit for CVE-2020-8165, targeting a deserialization vulnerability in Ruby on Rails. The script automates user creation, login, and payload delivery to achieve remote code execution via a crafted serialized object.

The repository contains only a GitLab CI configuration file with no exploit code or technical details related to CVE-2020-8165. It appears to be a placeholder or incomplete repository.

This repository contains a functional exploit PoC for CVE-2020-8165, demonstrating a deserialization vulnerability in Rails applications using Redis cache stores. The exploit leverages unsafe deserialization of user-controlled input passed to the Redis cache.

This repository contains a functional exploit for CVE-2020-8165, which leverages a deserialization vulnerability in the target software to achieve remote code execution (RCE). The exploit automates user creation, login, and payload delivery to trigger a reverse shell.

This exploit leverages a deserialization vulnerability in the target software to achieve remote code execution (RCE) via a crafted payload. It automates user creation, login, and payload delivery to trigger a reverse shell.