by postmodern_mod3
4887 days ago
YAML does not allow execution of arbitrary Ruby code. Some YAML types allow specifying a custom class, on which the Psych YAML parser (default in Ruby 1.9) will call the initialize or []= methods. If you can find a class that eventually evals() input passed to initialize or []=, then you win.
http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html
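A defensive check for the class-tag behaviour described in the comment above, as an added example that is not part of the original comment or of any project's code: it inspects the parsed node tree for tags that name a Ruby class before anything is instantiated, and confirms that `Psych.safe_load` refuses such documents. It assumes a Psych version that provides `safe_load`; the sample documents and the `Hypothetical::` class names are constructed.

```ruby
require 'psych'

# Constructed sample documents; the Hypothetical:: classes do not exist.
PLAIN_DOC  = "name: widget\ntags: [a, b]\n"
OBJECT_DOC = "--- !ruby/object:Hypothetical::Widget\nname: widget\n"
HASH_DOC   = "--- !ruby/hash:Hypothetical::Params\nkey: value\n"

# Tags that ask Psych to build a Ruby-specific type or a named class:
# the !ruby/... family plus the !map:/!seq:/!str: shorthands that
# carry a class name.
CLASS_TAG = %r{\A!(?:ruby/|(?:map|seq|str):)}

# Psych.parse_stream only builds the node tree (Stream, Document,
# Mapping, Sequence, Scalar); no application class is allocated and
# no initialize or []= method runs while scanning.
def class_tags(yaml)
  Psych.parse_stream(yaml)
       .select { |node| node.respond_to?(:tag) }
       .map(&:tag)
       .compact
       .grep(CLASS_TAG)
end

# True when safe_load refuses the document because it names a class
# outside the allowed list (basic types only by default).
def safe_load_rejects?(yaml)
  Psych.safe_load(yaml)
  false
rescue Psych::DisallowedClass
  true
end

# Gate for untrusted input: reject on any class tag, otherwise load
# with safe_load so only plain data structures are produced.
def load_untrusted(yaml)
  tags = class_tags(yaml)
  return [:rejected, tags] unless tags.empty?
  [:ok, Psych.safe_load(yaml)]
rescue Psych::Exception => e
  [:rejected, [e.class.name]]
end

if $PROGRAM_NAME == __FILE__
  [PLAIN_DOC, OBJECT_DOC, HASH_DOC].each { |doc| p load_untrusted(doc) }
end
```

Logging the tags returned by `class_tags` for rejected input gives a detection signal as well as a block.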