- Each Ruby on Rails web application contains a secret token (usually stored in the file secret_token.rb). This secret_token is used to sign the cookies that the application sets. Without it, the application cannot trust the cookies that the browser sends, and session-based authentication becomes unreliable. It is therefore essential that an attacker does not know the value of this secret token. Your application is using a weak/known token and Acunetix managed to guess this token. Knowing the secret token allows an attacker to impersonate any user in the application and even achieve Remote Code Execution through deserialization of a crafted Ruby object.
- Change the value of secret_token (in RAILS_ROOT/config/initializers/secret_token.rb) to a random string.
- WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
- WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
- Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)
- WordPress Plugin XCloner-Backup and Restore Multiple Vulnerabilities (3.1.1)
- W3 Total Cache debug mode
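The secret-token finding above rests on how Rails signs cookies: the value is a serialized payload followed by an HMAC keyed with secret_token, so whoever holds the key can mint a cookie the server accepts. The following is an added illustration, not Acunetix's or Rails' own code: the class name SignedCookie, the function generate_secret_token and the minimum-length check are assumptions, and JSON stands in for the Marshal serialization Rails uses, so the example is safe to run.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"

# Illustrative re-implementation of the Rails signed-cookie layout:
# "<base64 payload>--<hex HMAC over the payload, keyed with secret_token>".
# Rails serialises the payload with Marshal; JSON is used here instead.
class SignedCookie
  MIN_SECRET_BYTES = 32 # assumed lower bound: a genuinely random token is far longer

  def initialize(secret)
    raise ArgumentError, "secret_token too short to be random" if secret.to_s.bytesize < MIN_SECRET_BYTES
    @secret = secret
  end

  # Build the cookie value the server would set for this session hash.
  def generate(session)
    data = Base64.strict_encode64(JSON.generate(session))
    "#{data}--#{hmac(data)}"
  end

  # Return the session hash, or nil when the signature does not match the payload.
  def verify(cookie)
    data, sig = cookie.to_s.split("--", 2)
    return nil if data.nil? || sig.nil? || !secure_compare(hmac(data), sig)
    JSON.parse(Base64.strict_decode64(data))
  rescue ArgumentError, JSON::ParserError
    nil
  end

  private

  def hmac(data)
    OpenSSL::HMAC.hexdigest("SHA256", @secret, data)
  end

  # Constant-time comparison so the check does not leak how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# The remediation above: a fresh random token, the same shape `rake secret` emits.
def generate_secret_token
  SecureRandom.hex(64)
end

if __FILE__ == $PROGRAM_NAME
  verifier = SignedCookie.new(generate_secret_token)
  cookie = verifier.generate("user_id" => 42)
  puts verifier.verify(cookie).inspect                 # {"user_id"=>42}
  puts verifier.verify(cookie.sub(/\A./, "X")).inspect # nil: payload changed, HMAC no longer matches
end
```

A cookie signed under one secret verifies as nil under any other, which is why rotating the token invalidates every session an attacker may have forged with the guessed value.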