Ruby on Rails Object Injection Vulnerability (CVE-2013-0156) Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Ruby on Rails Object Injection Vulnerability (CVE-2013-0156) Scanner Detail

Detects Ruby on Rails servers vulnerable to object injection, remote command executions and denial of service attacks. (CVE-2013-0156)

All Ruby on Rails versions before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 are vulnerable. This script sends 3 harmless YAML payloads to detect vulnerable installations. If the malformed object receives a status 500 response, the server is processing YAML objects and therefore is likely vulnerable.

References:

Some Advice for Common Problems

You may need to adjust your payload settings if the server was detected as vulnerable but you did not receive a session.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service