Exploit Ruby on Rails 1.2.3 To_JSON - Script Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30089
Проверка EDB
  1. Пройдено
Автор
BCC
Тип уязвимости
REMOTE
Платформа
LINUX
CVE
cve-2007-3227
Дата публикации
2007-05-25
Код:
source: https://www.securityfocus.com/bid/24161/info

Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

This issue affects Ruby on Rails 1.2.3; other versions may also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30089.tgz
 
Источник
www.exploit-db.com

Похожие темы