"This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application." - from the exploit's code [1]

All description and all paths for exploitation: [2]
Sum up all current RoR exploits: [3]

[1] - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_xml_yaml_code_exec.rb
[2] - https://community.rapid7.com/community/metasploit/blog/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156?x=1
[3] - http://ronin-ruby.github.com/blog/2013/01/09/rails-pocs.html

-- Jozef
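
For the defensive side of the XML request processing issue quoted above, a check can look for XML request bodies that ask for a YAML or Symbol typecast on an element. This Ruby code is an added example, not part of the original post or of the linked Metasploit module; the function names, the content-type list and the sample bodies are assumptions constructed for illustration.

```ruby
# Added example (not from the post or the linked module): flag XML request
# bodies that request a YAML or Symbol typecast via a type attribute.

# Assumption: content types that Rails routes to its XML parameter parser.
XML_CONTENT_TYPE = %r{\A\s*(?:application/(?:x-)?xml|text/xml)\b}i
# Start tag carrying type="yaml" or type='symbol' (any case, optional spaces).
TYPED_TAG = /<([A-Za-z_][\w.:-]*)\b[^<>]*?\stype\s*=\s*(["'])\s*(yaml|symbol)\s*\2/i

# Decode printable numeric character references (&#121; or &#x79;) so the
# attribute value is compared in the form an XML parser would see.
def decode_char_refs(text)
  text.gsub(/&#(?:x([0-9a-f]+)|(\d+));/i) do
    code = $1 ? $1.to_i(16) : $2.to_i
    code.between?(0x20, 0x7e) ? code.chr : $&
  end
end

# Returns [[element_name, requested_type], ...]; empty when nothing is flagged
# or when the request is not XML at all.
def typed_xml_hits(content_type, body)
  return [] unless content_type.to_s =~ XML_CONTENT_TYPE
  decode_char_refs(body.to_s).scan(TYPED_TAG).map do |tag, _quote, type|
    [tag, type.downcase]
  end
end

# Constructed sample requests (benign placeholder content only).
SAMPLES = [
  ["application/xml", '<user><name type="yaml">placeholder</name></user>'],
  ["text/xml; charset=utf-8", "<user><role TYPE = 'Symbol'>admin</role></user>"],
  ["application/xml", '<user><name type="&#121;aml">placeholder</name></user>'],
  ["application/xml", '<user><age type="integer">3</age></user>'],
  ["application/json", '<user><name type="yaml">placeholder</name></user>']
].freeze

SAMPLES.each do |content_type, body|
  hits = typed_xml_hits(content_type, body)
  verdict = hits.empty? ? "ok" : "FLAG #{hits.inspect}"
  puts "#{content_type.ljust(26)} #{verdict}"
end
```

A hit is a reason to inspect or block the request; it does not replace upgrading Rails to a fixed release.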
