10 Jan '13, 6pm

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro . The Metasploit web interface is also a Ruby on Rails application and applying the latest update will ensure that your systems are not vulnerable to attack. Applying the latest update will also ensure you have access to the latest exploits and supporting modules. If you are using a Git checkout of the Metasploit Framework, pull the latest commits from master and you should be good to go. For version 4.5.0, you want to be running update

Full article: https://community.rapid7.com/community/metasploit/blog/20...

Tweets

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

#Exploit Info - VRT reviewed #Ruby on Rails vul...

vrt-blog.snort.org 10 Jan '13, 7pm

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbit...

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Update Ruby now before it goes off the Rails

Update Ruby now before it goes off the Rails

pcworld.com 10 Jan '13, 10pm

Do you use Ruby on Rails? If so, it’s time to update. Now. Ruby on Rails is an open source Web application framework built...

Metasploit Rails 3 Remote Code Execution Hours ...

community.rapid7.com 10 Jan '13, 3am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...

Metasploit users - get the security update for ...

community.rapid7.com 09 Jan '13, 10am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails , the first exploits have begun circulating and the first r...

Ruby on Rails Bootcamp in Seattle

codefellows.org 10 Jan '13, 2pm

Immersive education is the best way to learn how to code. You'll be living and breathing Ruby on Rails every day of the we...

Dutch govt pulls Ruby on Rails, exploits become...

zdnet.com 11 Jan '13, 5am

The first effects of the recently discovered Ruby on Rails exploit are beginning to be felt, with the Dutch government pul...

Exploit für Ruby on Rails im Umlauf

heise.de 10 Jan '13, 3pm

Für die am Mittwoch gemeldete, kritische Lücke in Ruby on Rails kursieren erste Exploits; es treffen auch bereits erste Be...

Эксплойт для последних уязвимостей Ruby on Rails

Эксплойт для последних уязвимостей Ruby on Rails

xakep.ru 10 Jan '13, 5am

Среди известных сайтов, которые работают на Ruby on Rails — Github, Yammer, Scribd, Groupon, Shopify и Basecamp. На Ruby н...

New flaw in Ruby on Rails:

New flaw in Ruby on Rails:

infosecurity-magazine.com 09 Jan '13, 1pm

Earlier today the Internet Storm Center (ISC) reported , “A SQL Injection Flaw (CVE-2012-5664) was announced last week (Ja...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Exploit voor ernstig Ruby on Rails-lek beschikbaar

tweakers.net 10 Jan '13, 3pm

Op internet is een exploit verschenen voor een ernstig Ruby on Rails-lek dat afgelopen dinsdag aan het licht is gekomen. H...