|
|
|
|
|
|
by kapilkale
4909 days ago
|
|
|
I posted about this a little bit further up. Run the exploit code on your local server and ensure that no parameters are getting logged. You can test by running this ruby file: https://gist.github.com/4499206 $ ruby rails_rce.rb http://localhost:3000 param "User.destroy_all"
Monitor your server and ensure it is disregarding the post parameters. |
|
|