Full title: Metasploit Web UI Static secret_key_base Value Exploit 
Category: remote exploits
Platform: multiple
This module exploits the Web UI for Metasploit Community, Express and Pro where one of a certain set of Weekly Releases have been applied. These Weekly Releases introduced a static secret_key_base value. Knowledge of the static secret_key_base value allows for deserialization of a crafted Ruby Object, achieving code execution. This module is based on exploits/multi/http/rails_secret_deserialization

# 0day.today @ http://0day.today/