Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-vuln-cve2013-0156

Script types: portrule
Categories: exploit, vuln
Download: http://nmap.org/svn/scripts/http-vuln-cve2013-0156.nse

User Summary

Detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. (CVE-2013-0156)

All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless yaml payloads to detect vulnerable installations. If the malformed object receives a status 500 response, the server is processing YAML objects and therefore is likely vulnerable.

References:

TODO:

  • Add argument to exploit cmd exec vuln

Script Arguments

http-vuln-cve2013-0156.uri

Basepath URI (default: /).

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -sV --script http-vuln-cve2013-0156 <target>
nmap -sV --script http-vuln-cve2013-0156 --script-args uri="/test/" <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-vuln-cve2013-0156:
|   VULNERABLE:
|   Parameter parsing vulnerabilities in several versions of Ruby on Rails allow object injection, remote command execution and Denial Of Service attacks (CVE-2013-0156)
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable to object injection, remote command execution and denial of service attacks.
|       The attackers don't need to be authenticated to exploit these vulnerabilities.
|
|     References:
|       https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/61bkgvnSGTQ/nehwjA8tQ8EJ
|       https://community.rapid7.com/community/metasploit/blog/2013/01/10/exploiting-ruby-on-rails-with-metasploit-cve-2013-0156
|_      http://cvedetails.com/cve/2013-0156/

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]