# Ruby Tricks

{{#include ../../banners/hacktricks-training.md}}

## File upload to RCE

As explained in [this article](https://www.offsec.com/blog/cve-2024-46986/), uploading a `.rb` file into sensitive directories such as `config/initializers/` can lead to remote code execution (RCE) in Ruby on Rails applications.

{{#include ../../banners/hacktricks-training.md}}