来源

关联漏洞

描述

This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit

介绍

# Original Script Reference
For more details on the original exploit script, refer to the gist link [CVE-2013-0156](https://gist.github.com/postmodern/4499206)

# CVE-2013-0156 Exploit Script
This script is specifically designed to solve the challenge on **PentesterLab** for the CVE-2013-0156 exploit. You can access the challenge here: [PentesterLab - CVE-2013-0156 Challenge](https://pentesterlab.com/exercises/cve-2013-0156).

This Python script is designed to exploit the **CVE-2013-0156** vulnerability, a critical **remote code execution (RCE)** issue in Ruby on Rails applications caused by insecure deserialization of YAML objects. The vulnerability allows an attacker to inject arbitrary code through a crafted YAML payload, leading to code execution on the target server.

## Features

- **Payload Injection**: The script sends a crafted XML payload to the target URL, exploiting the deserialization vulnerability in vulnerable Rails applications (Rails 2.x and 3.x).
- **Customizable Target Version**: Supports specifying whether the target is Rails 2.x or 3.x, allowing more control over payload format.
- **Formatted Output**: The script presents a well-structured and visually appealing output with color-coded request and response details, making it easy to track the exploit's status and response.
- **Success Notification**: Upon successful exploitation, the script notifies the user that the exploit has been executed successfully.

## Usage

### Installation

Make sure you have the required Python packages installed by running:

```bash
pip install requests colorama pyyaml
```
## Running the Script
```bash
python exploit.py <URL> <PAYLOAD> [rails3|rails2] [--show ]
```
### Example

```bash
  python exploit.py http://example.com/payload example_payload rails3 --show
```
------
## Example Output
Upon successful execution, the script will display a color-coded output with the following sections:

Request: Shows the URL, headers, and the XML payload being sent.
Response: Displays the status code and the response body (truncated for large responses).
Success/Failure Notification: Notifies you if the exploit was successful or if any error occurred.

## Important Notes
Use Responsibly: This script is designed for educational purposes and should only be used on systems you have permission to test. Unauthorized exploitation of this vulnerability is illegal and unethical.
Rails Versions: This script supports Rails 3.x and 2.x. Ensure the target is running a vulnerable version of Rails before attempting the exploit.

文件快照

 [4.0K]  /data/pocs/c132e75ede117f97fdbb4f24ed985887e57c11f8
├── [5.8K]  cve-2013-0156.py
└── [2.5K]  README.md

0 directories, 2 files

备注