Hacker News
by masklinn 1435 days ago
> I'm guessing that's because the time zone is included in the "date modified" field, but that's just a hunch.

From reading the description it looks like the second line, if present, is just (somehow) loaded as a Ruby file.

So this is exploitable on a file upload if you can find the destination location of the upload data. More generally if you can get a Ruby script on the FS somehow, and this is accessible from the tzinfo-gem via a relative path, and you can probe the FS (but depending on the error feedback the vulnerability itself could provide the probing tool, if it lets you discriminate between EFILE and EEXIST… or if Rails has a standard upload path and the average application will almost certainly be using that).
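An added Ruby example, not part of the comment above and not tzinfo's own code: it shows how a line-anchored pattern lets a second line through a time zone identifier check, next to a whole-string check with a directory containment test. The patterns, function names, directory and sample inputs are assumptions constructed for illustration.

```ruby
# Assumed identifier grammar: slash-separated segments of safe characters.
SEGMENT         = /[A-Za-z0-9+\-_]+/
# In Ruby, ^ and $ match at every line boundary, not only at string ends.
LINE_ANCHORED   = %r{^#{SEGMENT}(?:/#{SEGMENT})*$}
# \A and \z match only at the very start and very end of the string.
STRING_ANCHORED = %r{\A#{SEGMENT}(?:/#{SEGMENT})*\z}

def line_anchored_ok?(id)
  LINE_ANCHORED.match?(id)
end

def string_anchored_ok?(id)
  STRING_ANCHORED.match?(id)
end

# Validate the whole string, then confirm the resolved path stays inside
# the data directory (defence in depth if the pattern is ever loosened).
def zone_data_path(base_dir, input)
  id = input.to_s
  unless string_anchored_ok?(id)
    raise ArgumentError, "invalid time zone identifier"
  end
  base = File.expand_path(base_dir)
  path = File.expand_path(File.join(base, id))
  unless path.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes data directory"
  end
  path
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = ["Europe/London", "Europe/London\nsecond_line",
             "Europe/London\n", "../etc"]
  samples.each do |s|
    puts format("%-32s line-anchored=%-5s string-anchored=%s",
                s.inspect, line_anchored_ok?(s), string_anchored_ok?(s))
  end
end
```
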