Ruby Deserialization - Gadget on Rails by Harsh Jaiswal | PT SWARM
In this writeup, the research team went over the current state of previous Ruby deserialization gadget chains and the process of finding new RCE gadgets. The researchers went over the fixes for previous gadget chains and found a new way to achieve remote code execution on the latest Rails framework.
Contents:
• Motivation
• Pre-Requisite
• Current State of Previous Gadgets
• File Write and File Execution Gadget
•• BackStory
•• Initial File Write
• Moving away from DeprecatedInstanceVariableProxy class
•• How we initiated the search?
•• Latest Rails Remote Code Execution Gadget
• Conclusion
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...