Ruby on Rails JSON Processor YAML Deserialization Code Execution
03 February 2013
Remote exploitation of an input validation vulnerability in Ruby on Rails versions prior to 3.0.20 and 2.3.16 allows code execution. The vulnerable application fails to validate specially crafted JSON requests, which are handed to the YAML parser for processing. This vulnerability is very similar to CVE-2013-0156.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
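As an added example, not part of this advisory and not Rails' own fix, the following Rack middleware enforces the check the affected versions lacked: a request body declared as JSON must parse under the strict `json` gem before it reaches the application, so a body that is only valid as YAML is rejected up front. The class name `StrictJsonBody`, the helper `status_for` and the sample bodies are constructed for illustration.

```ruby
require 'json'
require 'stringio'

# Rack middleware: refuse any request that claims a JSON body but does not
# parse as strict JSON. Affected Rails versions routed JSON request bodies
# through the YAML parser, which accepts far more than the JSON grammar;
# gating on the strict parser closes that path before the app sees the body.
class StrictJsonBody
  # MIME types Rails treats as JSON parameters (assumed list for this example).
  JSON_TYPES = %w[application/json text/x-json application/jsonrequest].freeze

  def initialize(app)
    @app = app
  end

  def call(env)
    ctype = env['CONTENT_TYPE'].to_s.split(';').first.to_s.strip.downcase
    if JSON_TYPES.include?(ctype)
      body = env['rack.input'].read
      env['rack.input'].rewind # leave the body readable for the app
      unless StrictJsonBody.strict_json?(body)
        return [400, { 'Content-Type' => 'text/plain' }, ["invalid JSON body\n"]]
      end
    end
    @app.call(env)
  end

  # True only if the strict JSON parser accepts the body: YAML documents,
  # "!" type tags and YAML-only scalars all fail here.
  def self.strict_json?(body)
    JSON.parse(body)
    true
  rescue JSON::ParserError
    false
  end

  # Run one constructed request through the middleware and return the
  # HTTP status the client would see (helper for demos and tests).
  def self.status_for(body, content_type = 'application/json')
    app = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
    env = { 'CONTENT_TYPE' => content_type, 'rack.input' => StringIO.new(body) }
    new(app).call(env).first
  end
end
```

Non-JSON content types pass through untouched, so the middleware only narrows the JSON parameter path this advisory concerns.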