SHELLCODE: Shikata Ga Nai Encoder Routine Over HTTP (1)

This signature detects payloads transferred over the HTTP protocol that have been encoded with the Shikata Ga Nai encoder routine. This may indicate an attempt to evade anti-virus/IPS solutions and drop malicious code.

Extended Description

Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method.

Affected Products

Rubyonrails ruby_on_rails

References

BugTraq: 36954 57760

CVE: CVE-2021-42840

URL:
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/novell-service-desk-7.1.0.txt
http://seclists.org/bugtraq/2016/Apr/64
http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=60339
http://www.splunk.com/view/SP-CAAAGMM
http://www.sec-1.com/blog/?p=233
http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0709
https://portals.apache.org/jetspeed-2/security-reports.html#CVE-2016-0710
http://werkzeug.pocoo.org/docs/0.10/debug/#enabling-the-debugger
http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq
http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
https://www.mantisbt.org/bugs/view.php?id=17725
https://www.mantisbt.org/bugs/view.php?id=17780
https://nodesecurity.io/advisories/bassmaster_js_injection
http://openwall.com/lists/oss-security/2015/06/16/18
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/lzmz9_ijUFw/HBMPi4zp5NAJ
https://hackerone.com/reports/44513
http://blog.curesec.com/article/blog/Bolt-224-Code-Execution-44.html
https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
https://phabricator.wikimedia.org/T158689
https://securify.nl/advisory/SFY20170201/syntaxhighlight_mediawiki_extension_allows_injection_of_arbitrary_pygments_options.html
https://github.com/opsxcq/exploit-CVE-2016-10033
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
http://robertheaton.com/2013/07/22/how-to-hack-a-rails-app-using-its-secret-token/
http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
http://blog.pages.kr/1307
https://community.rapid7.com/community/metasploit/blog/2016/09/15/important-security-fixes-in-metasploit-4120-2016091401
https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
http://blog.curesec.com/article/blog/NibbleBlog-403-Code-Execution-47.html
http://karmainsecurity.com/KIS-2013-07
http://karmainsecurity.com/KIS-2013-08
http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/
http://kb.netgear.com/000036386/CVE-2016-582384
http://www.s3cur1ty.de/m1adv2013-004
http://hatriot.github.io/blog/2014/06/29/gitlist-rce/
http://www.s3cur1ty.de/m1adv2013-012
https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface
https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-hostport-or-a-unix-socket
http://www.harmj0y.net/blog/empire/empire-fails/
http://seclists.org/fulldisclosure/2014/Oct/78
http://www.s3cur1ty.de/m1adv2013-001
https://pentest.blog/advisory-denyall-web-application-firewall-unauthenticated-remote-code-execution/
http://www.seagate.com/au/en/support/external-hard-drives/network-storage/business-storage-2-bay-nas/
https://beyondbinary.io/advisory/seagate-nas-rce/
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
http://seclists.org/bugtraq/2016/Aug/45
https://pentest.blog/unexpected-journey-3-visiting-another-siem-and-uncovering-pre-auth-privileged-remote-code-execution/
https://github.com/rapid7/metasploit-framework/pull/8245
http://www.s3cur1ty.de/m1adv2013-008
https://warroom.securestate.com/dcos-marathon-compromise/
https://tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki
http://www.s3cur1ty.de/m1adv2013-015
http://www.devttys0.com/2014/05/hacking-the-dspw215-again/
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=305
https://www.kb.cert.org/vuls/id/582384
https://community.rapid7.com/community/metasploit/blog/2015/10/09/r7-2015-17-hp-sitescope-dns-tool-command-injection
http://www8.hp.com/us/en/software-solutions/sitescope-application-monitoring/index.html
http://downloads.solarwinds.com/solarwinds/Release/HotFix/FSM-v6.6.5-HotFix1.zip
http://www.pwnag3.com/2012/01/sysax-multi-server-550-exploit.html
http://www.mattandreko.com/2012/07/sysax-564-http-remote-buffer-overflow.html
http://www.nessus.org/plugins/index.php?view=single&id=11771
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437
http://www.websecuritywatch.com/xxe-arbitrary-code-execution-in-ektron-cms/
http://seclists.org/fulldisclosure/2014/Oct/34
http://www.novell.com/support/kb/doc.php?id=7011895
http://www.corelan.be:8800/advisories.php?id=CORELAN-10-061
http://seclists.org/fulldisclosure/2015/Sep/66
https://support.zoho.com/portal/manageengine/helpcenter/articles/pgsql-submitquery-do-vulnerability
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://security-assessment.com/files/documents/advisory/Kaseya%20File%20Upload.pdf
https://github.com/edwardz246003/IIS_exploit
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00
https://bugzilla.mozilla.org/show_bug.cgi?id=630919
http://www.mozilla.org/security/announce/2011/mfsa2011-13.html
http://dev.tiki.org/item4109
http://www.vicidial.org/VICIDIALmantis/view.php?id=1016
http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html
http://www.opensyscom.fr/Actualites/wordpress-plugins-asset-manager-shell-upload-vulnerability.html
http://archives.neohapsis.com/archives/bugtraq/2009-11/0166.html
http://www.openx.org/docs/2.8/release-notes/openx-2.8.2
http://php.net/manual/en/function.getimagesize.php
http://gynvael.coldwind.pl/?id=223
http://gynvael.coldwind.pl/?id=224
http://gynvael.coldwind.pl/?id=235
http://programming.arantius.com/the+smallest+possible+gif
http://stackoverflow.com/questions/2253404/what-is-the-smallest-valid-jpeg-file-size-in-bytes
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
http://labs.neohapsis.com/2009/04/06/about-cve-2009-1151/
http://wordpress.org/support/topic/pwn3d
http://www.acunetix.com/blog/web-security-zone/wp-plugins-remote-code-execution/
https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt
http://www.osirt.com/2013/11/wordpress-optimizepress-hack-file-upload-vulnerability/

Short Name: SHELLCODE:WIN:SHIKATAGANAI-HTTP
Severity: Critical
Recommended: True
Recommended Action: Drop
Category: SHELLCODE
Keywords: (1) CVE-2014-4511 CVE-2016-0709 CVE-2016-0710 CVE-2016-2098 CVE-2020-28328 CVE-2021-42840 Encoder Ga HTTP Nai Over Routine Shikata bid:36954 bid:57760
Release Date: 10/07/2015

Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3590
False Positive: Occasionally

Vendors
Rubyonrails
Debian

CVSS Score
7.5
9.0
