10 Jan '13, 7pm

#Exploit Info - VRT reviewed #Ruby on Rails vulnerability that made #Metasploit release a patch : https://t.co/5R6wV4ba

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbitrary SQL", "inject and execute arbitrary code" and "perform a DoS attack on a Rails application". Without going into detail the post discussed how user-provided YAML and Symbol data could be crafted to exploit Rails applications and given the identifier CVE-2013-0156. Rails is used in many projects, including one of the most widespread pentesting frameworks available, Metasploit. Within hours of the post, Metasploit had a security update published for itself (2013010202 ) and was actively looking into creating a module for exploitation. The only information to go with before the PoC was released was that Rails could take YAML or Symbol input through xml that could potentially be abused. The worry was that specifying arbitrary classes for string and hash...

Full article: http://vrt-blog.snort.org/2013/01/the-ruby-on-rails-vulne...

Tweets

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

Exploiting Ruby on Rails with Metasploit (CVE-2...

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Attack Code, Metasploit Module Released For Ser...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

.@appboy patches its servers after Ruby on Rail...

blog.appboy.com 11 Jan '13, 5pm

Earlier this week, a serious advisory was posted to the Ruby on Rails security discussion list . Unknown hacker groups had...

Exploit für Ruby on Rails im Umlauf

heise.de 10 Jan '13, 3pm

Für die am Mittwoch gemeldete, kritische Lücke in Ruby on Rails kursieren erste Exploits; es treffen auch bereits erste Be...

Security expert review on #Java zero-day exploi...

blog.trendmicro.com 11 Jan '13, 10pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Bitcoins stolen with Ruby on Rails exploit

bitcointalk.org 13 Jan '13, 1pm

General discussion about the Bitcoin ecosystem that doesn't fit better elsewhere. News, the Bitcoin community, innovations...

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 11 Jan '13, 11pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

#Java zero-day exploit and #Ruby on Rails vulne...

blog.trendmicro.com 12 Jan '13, 12am

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Exploit voor ernstig Ruby on Rails-lek beschikbaar

tweakers.net 10 Jan '13, 3pm

Op internet is een exploit verschenen voor een ernstig Ruby on Rails-lek dat afgelopen dinsdag aan het licht is gekomen. H...

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 14 Jan '13, 7pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Vulnerability in Ruby on Rails could bring 200,000 sites down

Vulnerability in Ruby on Rails could bring 200,...

geek.com 10 Jan '13, 12pm

In the realm of computer security there are bugs , and then there are bugs . The latter refers to a real showstopper — the...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

[remote exploits] - Ruby On Rails XML Processor...

1337day.com 11 Jan '13, 9am

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and s...