Command substitution for code execution via Ruby’s send() method
I am working on a challenge that involves getting code execution on a Ruby application hosted on Nginx. One of the ruby controllers seems to have been using unsanitized user input as part of the send() method which leads to arbitrary code … Continue reading Command substitution for code execution via Ruby’s send() method