Exploiting CVE-2019-5418 - File Content Disclosure on Rails
Feb 13, 2022
In Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1, and v3, a File Content Disclosure vulnerability exists where specially crafted Accept headers can reveal the contents of arbitrary files on the target system's filesystem.
Proof-of-Concept:
1. Using Burp Suite, you can match and replace any header (this setting automatically replaces parts of requests and responses passing through the proxy).
2. Go to Proxy -> Options -> Match and Replace and add a new item, as shown in the screenshot below:
3. To obtain crucial information, you can use a number of payloads:
../../../../../../../../../../etc/hosts{{
../../../../../../../../../../etc/passwd{{
4. A screenshot of the exploitation's result is provided below.
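On the defensive side, the Accept values in step 3 do not look like media types at all, which makes them easy to reject before they reach Action View. The following is an added example, not part of the original post and not Rails' own fix: a Rack-compatible middleware (the class name AcceptHeaderGuard and the 406 response are assumptions) meant as defence in depth alongside upgrading past the affected versions listed above.

```ruby
# Added example: refuse requests whose Accept header is not a plain list of
# media ranges. Needs no gems; any Rack app can sit behind it.
class AcceptHeaderGuard
  # One token of a media range: starts with a letter, digit or "*".
  TOKEN = /[A-Za-z0-9*][A-Za-z0-9.+*_-]*/
  # type/subtype plus optional ;name=value parameters, e.g. "text/html;q=0.9".
  MEDIA_RANGE = %r{\A#{TOKEN}/#{TOKEN}(?:\s*;\s*#{TOKEN}=(?:#{TOKEN}|"[^"]*"))*\z}

  def initialize(app, logger: nil)
    @app = app
    @logger = logger
  end

  # True when the header is absent/empty or every comma-separated entry
  # is a well-formed media range. Fails closed on anything else.
  def self.acceptable?(header)
    return true if header.nil? || header.strip.empty?
    # Explicit checks for the two markers seen in the payloads above.
    return false if header.include?("..") || header.include?("{{")
    header.split(",").all? { |part| MEDIA_RANGE.match?(part.strip) }
  end

  def call(env)
    accept = env["HTTP_ACCEPT"]
    return @app.call(env) if self.class.acceptable?(accept)

    # inspect() escapes control characters so the log line cannot be forged.
    @logger&.warn("blocked Accept header from #{env['REMOTE_ADDR']}: #{accept.inspect}")
    [406, { "content-type" => "text/plain" }, ["Not Acceptable\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: one browser-style header, one traversal-style.
  app = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  guard = AcceptHeaderGuard.new(app)
  ["text/html,application/xml;q=0.9,*/*;q=0.8", "../../etc/hosts{{"].each do |h|
    status, = guard.call("HTTP_ACCEPT" => h, "REMOTE_ADDR" => "192.0.2.10")
    puts "#{status} #{h}"
  end
end
```

In a Rails application this would be registered early in the middleware stack so the check runs before routing; the rejected header values it logs are also a useful detection signal.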
Thanks for reading!