[olug] [OT] Remote Exploit Ruby on Rails Websites

Rob Townley rob.townley at gmail.com
Wed Jan 9 13:52:10 UTC 2013


HD Moore of Metasploit uses Ruby on Rails and takes this exploit
seriously ... I do not think he slept last night judging by his
tweets.
Reminds me of how Internet Explorer would parse and act upon HTML in a
.txt file.

CVE-2013-0156
https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156


