mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.3 KiB
1.3 KiB
CVE-2013-0333
Description
lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.
POC
Reference
No PoCs from references.
Github
- https://github.com/Fa1c0n35/Web-CTF-Cheatshee
- https://github.com/Zxser/Web-CTF-Cheatsheet
- https://github.com/duckstroms/Web-CTF-Cheatsheet
- https://github.com/heroku/heroku-CVE-2013-0156
- https://github.com/heroku/heroku-CVE-2013-0333
- https://github.com/mengdaya/Web-CTF-Cheatsheet
- https://github.com/mrhenrike/Hacking-Cheatsheet
- https://github.com/pwnosec/CTF-Cheatsheet
- https://github.com/superfish9/pt
- https://github.com/w181496/Web-CTF-Cheatsheet
- https://github.com/whitequark/disable_eval