whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
killchain-compendium/Exploits/Ruby/yaml_load.md

5 lines
238 B
Markdown
Raw Blame History

# YAML.load deserialization
RCE is is possible via YAML file deserialization through `yaml.load()`.
* [staadraad describes how and provides a payload](https://staaldraad.github.io/post/2021-01-09-universal-rce-ruby-yaml-load-updated/)
Reference in New Issue View Git Blame Copy Permalink