A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. This PoC code for CVE-2019-5420 escalates the privileges to admin account without the remote code execution itself.
Copy the value of the cookie and replace it with "VALUE_OF_THE_COOKIE" at line 11:
cookie = CGI.unescape "VALUE_OF_THE_COOKIE" # put in the value of your cookie here
Furthermore, replace "NAME::Application" with the name of your application. For example, if the applications name is "test", it would be "test::Application":
secret = Digest::MD5.hexdigest("NAME::Application") # the name of the ruby on rails application, either bruteforce or have to be known directly
Run the exploit and copy the output of the cookie. Replace it with the cookie of the web application:
ruby CVE-2019-5420.rb