Matthew Bellantoni mjbellantoni

## rails_rce.rb
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
#   https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#

## asset.rake
namespace :assets do
  desc "Display asset path"
  task :paths => :environment do
    Rails.application.config.assets.paths.each do |path|
      puts path
    end
  end
end

## gist:973680
class Hash

  def map(&block)
    mapped_hash = {}
    self.each do |key, value|
      mapped_hash[key] = yield value
    end
    mapped_hash
  end
	#!/usr/bin/env ruby
	#
	# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
	#
	# ## Advisory
	#
	# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
	#
	# ## Caveats
	#
	namespace :assets do
	desc "Display asset path"
	task :paths => :environment do
	Rails.application.config.assets.paths.each do \|path\|
	puts path
	end
	end
	end
	class Hash

	def map(&block)
	mapped_hash = {}
	self.each do \|key, value\|
	mapped_hash[key] = yield value
	end
	mapped_hash
	end