
A todo esto, entonces tú lo único que cambias es el template, ¿no? O sea, no creas en sí el exploit, sino que cuando consigues un BoF el código lo metes en el template y cargas un payload, ¿no?
estoy un poco verde
¿Es esto a lo que te refieres?
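module ActionView #:nodoc:
  # A single view template: resolves the template file through the view's
  # finder, picks the handler registered for the file's extension and renders
  # the file in the context of the given view.
  class Template #:nodoc:

    attr_accessor :locals
    attr_reader :handler, :path, :extension, :filename, :path_without_extension, :method

    # @param view          the view instance the template renders in; must respond to +finder+
    # @param path          template path; a leading slash is stripped when +use_full_path+ is true
    # @param use_full_path when true the file is located through the finder's view paths,
    #                      when false +path+ is used verbatim as the filename
    # @param locals        Hash of local assigns made available to the template (nil becomes {})
    def initialize(view, path, use_full_path, locals = {})
      @view = view
      @finder = @view.finder

      # Clear the forward slash at the beginning if it exists. \A anchors to the
      # start of the string; ^ also matches right after an embedded newline, so
      # a path containing one could have the wrong slash removed.
      @path = use_full_path ? path.sub(/\A\//, '') : path
      @view.first_render ||= @path
      @source = nil # Don't read the source until we know that it is required
      set_extension_and_file_name(use_full_path)

      @locals = locals || {}
      @handler = self.class.handler_class_for_extension(@extension).new(@view)
    end

    # Renders the template and wraps any failure in a TemplateError that names
    # this file; an already-wrapped TemplateError is annotated with this file
    # as a sub-template instead. Errors are re-raised as-is when no filename is
    # known.
    #
    # Exception (not just StandardError) is rescued deliberately: compiling a
    # template (see +prepare!+) presumably can raise errors outside the
    # StandardError hierarchy, such as a SyntaxError from the compiled source,
    # and those need wrapping as well. Narrowing this rescue would change what
    # callers receive.
    def render_template
      render
    rescue Exception => e
      raise e unless filename
      if TemplateError === e
        e.sub_template_of(filename)
        raise e
      else
        raise TemplateError.new(self, @view.assigns, e)
      end
    end

    # Prepares the view for rendering and hands off to this template's handler.
    def render
      prepare!
      @handler.render(self)
    end

    # Contents of the template file, read on first access and memoized.
    # When the template was built with +use_full_path+ false, +filename+ is the
    # caller's +path+ as given, with no view-path lookup applied, so keeping
    # that path inside the intended view directories is the caller's job.
    def source
      @source ||= File.read(self.filename)
    end

    # Key under which the view stores the compiled method for this template.
    def method_key
      @filename
    end

    # View path the template was found under, used when reporting errors;
    # falls back to the first configured view path.
    def base_path_for_exception
      @finder.find_base_path_for("#{@path_without_extension}.#{@extension}") || @finder.view_paths.first
    end

    # Evaluates the view's assigns, records the extension being rendered and,
    # for compilable handlers, compiles the template and looks up the method
    # name the view generated for it.
    def prepare!
      @view.send :evaluate_assigns
      @view.current_render_extension = @extension

      if @handler.compilable?
        @handler.compile_template(self) # compile the given template, if necessary
        @method = @view.method_names[method_key] # Set the method name for this template and run it
      end
    end

    private

    # Splits +@path+ into +@path_without_extension+ / +@extension+ and resolves
    # +@filename+. With +use_full_path+ the finder is consulted, inferring the
    # extension when the path has none; otherwise the path itself is the
    # filename. Raises MissingTemplate when no file is found.
    def set_extension_and_file_name(use_full_path)
      @path_without_extension, @extension = @finder.path_and_extension(@path)
      if use_full_path
        if @extension
          @filename = @finder.pick_template(@path_without_extension, @extension)
        else
          @extension = @finder.pick_template_extension(@path).to_s
          # A missing extension (presumably nil from the finder) becomes "" after
          # to_s, and "" is truthy, so a nil check here never fires; test for
          # emptiness instead so the missing-template error is raised at once.
          raise_missing_template_exception if @extension.empty?

          @filename = @finder.pick_template(@path, @extension)
          @extension = @extension.sub(/\A.+\./, '') # strip off any formats (everything up to the last dot)
        end
      else
        @filename = @path
      end

      raise_missing_template_exception if @filename.blank?
    end

    # Raises MissingTemplate naming the path that was looked for (with a
    # default ".<format>.erb" appended when the path has no extension) and the
    # view paths that were searched.
    def raise_missing_template_exception
      full_template_path = @path.include?('.') ? @path : "#{@path}.#{@view.template_format}.erb"
      display_paths = @finder.view_paths.join(':')
      template_type = (@path =~ /layouts/i) ? 'layout' : 'template'
      raise(MissingTemplate, "Missing #{template_type} #{full_template_path} in view path #{display_paths}")
    end

    # Template Handlers

    @@template_handlers = HashWithIndifferentAccess.new
    @@default_template_handlers = nil

    # Register a class that knows how to handle template files with the given
    # extension. This can be used to implement new template types.
    # The constructor for the class must take the ActiveView::Base instance
    # as a parameter, and the class must implement a +render+ method that
    # takes the contents of the template to render as well as the Hash of
    # local assigns available to the template. The +render+ method ought to
    # return the rendered template as a string.
    def self.register_template_handler(extension, klass)
      @@template_handlers[extension.to_sym] = klass
      TemplateFinder.update_extension_cache_for(extension.to_s)
    end

    # Registered extensions as a sorted list of strings.
    def self.template_handler_extensions
      @@template_handlers.keys.map(&:to_s).sort
    end

    # Registers +klass+ for +extension+ and makes it the fallback handler for
    # extensions with no registration of their own.
    def self.register_default_template_handler(extension, klass)
      register_template_handler(extension, klass)
      @@default_template_handlers = klass
    end

    # Handler class for +extension+, or the default handler when the extension
    # is nil or has no registration.
    def self.handler_class_for_extension(extension)
      (extension && @@template_handlers[extension.to_sym]) || @@default_template_handlers
    end

    register_default_template_handler :erb, TemplateHandlers::ERB
    register_template_handler :rjs, TemplateHandlers::RJS
    register_template_handler :builder, TemplateHandlers::Builder

    # TODO: Depreciate old template extensions
    register_template_handler :rhtml, TemplateHandlers::ERB
    register_template_handler :rxml, TemplateHandlers::Builder

  end
end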