Ruby on Rails Object Injection Vulnerability (CVE-2013-0156) Scanner

Ruby on Rails Object Injection Vulnerability (CVE-2013-0156) Scanner Detail

Detects Ruby on Rails servers vulnerable to object injection, remote command execution, and denial-of-service attacks (CVE-2013-0156).

All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless YAML payloads to detect vulnerable installations. If the request carrying the malformed object receives an HTTP 500 response, the server is processing YAML objects and is therefore likely vulnerable.
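
For applications you maintain, the version ranges above can also be checked directly against a `Gemfile.lock`, without probing the running server. The following is an added example, not the scanner's own code; the function names and the sample lockfile are constructed for illustration, and it assumes the `rails`, `actionpack` and `activesupport` gems carry the Rails release number.

```ruby
require "rubygems" # Gem::Version orders 3.2.9 before 3.2.11; string compare does not

# First fixed release per 3.x branch, from the version ranges stated above.
FIXED_BY_BRANCH = {
  "3.0" => Gem::Version.new("3.0.19"),
  "3.1" => Gem::Version.new("3.1.10"),
  "3.2" => Gem::Version.new("3.2.11")
}.freeze
FIXED_2X = Gem::Version.new("2.3.15")

# True when the version falls inside one of the vulnerable ranges.
# Pre-releases of a fixed version (e.g. 3.2.11.rc1) sort below it and are flagged.
def vulnerable_rails?(version_string)
  v = Gem::Version.new(version_string)
  branch = v.segments.first(2).join(".")
  return v < FIXED_BY_BRANCH[branch] if FIXED_BY_BRANCH.key?(branch)
  v < FIXED_2X # "all versions before 2.3.15"; later branches are outside the ranges
end

# Resolved gems sit at four spaces of indent in Gemfile.lock; their
# dependency constraints sit at six and are skipped by the anchored pattern.
LOCK_LINE = /^ {4}(rails|actionpack|activesupport) \(([^)\s]+)\)$/

def audit_lockfile(text)
  text.scan(LOCK_LINE).map do |name, version|
    { gem: name, version: version, vulnerable: vulnerable_rails?(version) }
  end
end

# Constructed sample lockfile (not taken from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.10)
        activesupport (= 3.2.10)
      activesupport (3.2.10)
      rails (3.2.10)
        actionpack (= 3.2.10)
LOCK

audit_lockfile(SAMPLE_LOCK).each do |r|
  puts format("%-14s %-8s %s", r[:gem], r[:version], r[:vulnerable] ? "VULNERABLE" : "ok")
end
```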


Some Advice for Common Problems

You may need to adjust your payload settings if the server was detected as vulnerable but you did not receive a session.
