{"uuid": "ea7152b3-137b-4ec9-8f10-32a823d80d3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "exploited", "source": "https://t.me/suboxone_chatroom/5362", "content": "\u26a0\ufe0fIf your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ \n\n\ud83d\udecdIf the server is deemed to be vulnerable, but a WAF is present: \n\n../../../../../../e*c/p*s*d{{\n\n\u2714\ufe0fCredit- nav1n0x", "creation_timestamp": "2025-03-12T14:51:51.000000Z"}