Exploit for Code Injection in Rubyonrails Rails CVE-2020-8163

## https://sploitus.com/exploit?id=99AFA98B-C3B5-5B12-A277-25806B690D91
# CVE-2020-8163
Enviroment and exploit to CVE-2020-8163 Blind remote code execution of user-provided local names in Rails < 5.0.1 and < 4.2.11.2

## Create the enviroment
  1. create docker container mapping port 4000 to 8001 
   ```
   sudo docker run --rm -it -p 8001:4000 ruby:2.3 bash
   ```

  2. update and install some tools in container
   ```
   apt update && apt install unzip libz-dev libiconv-hook1 libiconv-hook-dev net-tools nodejs -y
   ```

  3. get id container 
  ```
  sudo docker ps
  ```

  4. zip and copy app to docker container
  ```
  zip -r test_cve-2020-8163.zip test_cve-2020-8163/
  sudo docker cp test_cve-2020-8163.zip id_container:/opt/
  ```
  
  5. unzip and bundle app
  ```
  cd opt 
  unzip testapp.zip
  cd test_cve-2020-8163
  bundle
  ```
  
  6. start server
  ```
  bundle exec rails s -p 4000 -b '0.0.0.0'
  ```

  7. if we don't want to repeat the whole process, we do a docker commit
  ```
  sudo docker commit id_container name_of_commit
  ```
  
## Exploit
  1. execute exploit
  ```
  ruby exploit.rb http://localhost:8001/main/index "uname -a"
  ```
    
  2. See log to view the output