#Exploit Info - VRT reviewed #Ruby on Rails vulnerability that made #Metasploit release a patch : https://t.co/5R6wV4ba

VRT: The Ruby on Rails vulnerability that made Metasploit release a patch

#Exploit Info - VRT reviewed #Ruby on Rails vulnerability that made #Metasploit release a patch : https://t.co/5R6wV4ba

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbitrary SQL", "inject and execute arbitrary code" and "perform a DoS attack on a Rails application". Without going into detail the post discussed how user-provided YAML and Symbol data could be crafted to exploit Rails applications and given the identifier CVE-2013-0156. Rails is used in many projects, including one of the most widespread pentesting frameworks available, Metasploit. Within hours of the post, Metasploit had a security update published for itself (2013010202 ) and was actively looking into creating a module for exploitation. The only information to go with before the PoC was released was that Rails could take YAML or Symbol input through xml that could potentially be abused. The worry was that specifying arbitrary classes for string and hash...

Full article: http://vrt-blog.snort.org/2013/01/the-ruby-on-rails-vulne...

Tweets

@geeknik » 11 Jan '13, 5am
RT @unixfreaxjp: #Exploit Info - VRT reviewed #Ruby on Rails vulnerability [link] that made #Metasploit release a patch : https://t.co/5R6wV4ba
@unixfreaxjp » 11 Jan '13, 4am
#Exploit Info - VRT reviewed #Ruby on Rails vulnerability [link] that made #Metasploit release a patch : https://t.co/5R6wV4ba
@essachin » 10 Jan '13, 10pm
#metasploit The Ruby on Rails vulnerability that made Metasploit - VRT - Snort [link]
@Uofis » 10 Jan '13, 10pm
Rails updated [link]
@StefanoBucaioni » 10 Jan '13, 9pm
The Ruby on Rails vulnerability that made Metasploit release a patch: This post on the Ruby on Rails Security gr... [link]
@AlanJumpi » 10 Jan '13, 9pm
Ruby always makes me laugh!!! [link] #ruby #metasploit #security #jokes
@InfosecNewsBot » 10 Jan '13, 7pm
The Ruby on Rails vulnerability that made Metasploit release a patch: This post on the Ruby on Rails Se... [link] #infosec
@cipherstorm » 10 Jan '13, 8pm
# The Ruby on Rails vulnerability that made Metasploit release a patch [link]

VRT: The Ruby on Rails vulnerability that made Metasploit release a patch

#Exploit Info - VRT reviewed #Ruby on Rails vulnerability that made #Metasploit release a patch : https://t.co/5R6wV4ba

Tweets

Drop everything now and patch Ruby on Rails app...

Exploit Code, Metasploit Module Out for Ruby on...

Exploiting Ruby on Rails with Metasploit (CVE-2...

Attack Code, Metasploit Module Released For Ser...

.@appboy patches its servers after Ruby on Rail...

Exploit für Ruby on Rails im Umlauf

Security expert review on #Java zero-day exploi...

Bitcoins stolen with Ruby on Rails exploit

Concerned about #Java zero-day exploit and #Rub...

#Java zero-day exploit and #Ruby on Rails vulne...

Exploit voor ernstig Ruby on Rails-lek beschikbaar

Concerned about #Java zero-day exploit and #Rub...

Vulnerability in Ruby on Rails could bring 200,...

Exploit Code for Ruby on Rails Flaw Likely on t...

[remote exploits] - Ruby On Rails XML Processor...