10 Jan '13, 9pm

Attack Code, Metasploit Module Released For Serious Ruby On Rails Bugs

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popular Web application programming platform Ruby on Rails (RoR), as well as a new Metasploit module for the most serious of the two flaws, raising concerns of potentially damaging attacks to come on Web servers and databases. Patches for the two Ruby on Rails vulnerabilities, CVE-2013-0155 and CVE-2013-0156, were issued yesterday after researchers disclosed the bugs earlier this week. Ruby on Rails is an open-source Web programming framework that runs in more than 200,000 websites and on tens of thousands of apps, including Twitter, Metasploit, Groupon, Scribd, Hulu, Living Social, Yellow Pages, and GitHub. To date, RoR hasn't experienced much in the way of security vulnerability issues, but these new bug finds likely will open the floodgates for more resea...

Full article: http://www.darkreading.com/database-security/167901020/se...

Tweets

Drop everything now and patch Ruby on Rails app...

darkreading.com 10 Jan '13, 9pm

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

Exploit Code, Metasploit Module Out for Ruby on...

threatpost.com 10 Jan '13, 3pm

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proo...

Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)

community.rapid7.com 10 Jan '13, 6pm

First off, make sure you have a copy of Metasploit and that you have How to update Metasploit Express and Metasploit Pro ....

Looks like #ruby sites might be up for grabs...

darkreading.com 16 Jan '13, 12am

This just got (more) real: Researchers today unleashed exploit code for a pair of newly found vulnerabilities in the popul...

#Exploit Info - VRT reviewed #Ruby on Rails vul...

vrt-blog.snort.org 10 Jan '13, 7pm

on the Ruby on Rails Security group January 8th contained a few phrases that cause alarm when used together: "inject arbit...

Ruby on Rails flaws expose thousands of websites to attack: More than 240,000 websites that use Ruby on Rails we...

Ruby on Rails flaws expose thousands of website...

computerweekly.com 10 Jan '13, 4pm

According to O’Donnell, the RoR vulnerability could be used for the creation of a worm, but it would be far worse if atta...

Ruby on Rails derails 240,000 sites with enormo...

theregister.co.uk 10 Jan '13, 3pm

Popular programming framework Ruby on Rails is affected by two critical security vulnerabilities - one allowing anyone to ...

Ruby 1.9.3-p374 is released.

ruby-lang.org 17 Jan '13, 8am

Now Ruby 1.9.3-p374 is released. This release includes many bug fixes. Especially, Fixed randomly SEGV problem (often repo...

Exploit Code for Ruby on Rails Flaw Likely on t...

threatpost.com 09 Jan '13, 4pm

The vulnerabilities patched Tuesday in the Ruby on Rails Web framework have security researchers warning of the potential ...

[remote exploits] - Ruby On Rails XML Processor...

1337day.com 11 Jan '13, 9am

Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and s...

Exploits for Ruby on Rails holes now in circula...

h-online.com 10 Jan '13, 4pm

Since the reports of a critical vulnerability in Ruby on Rails, the first exploits have begun circulating and the first r...

Looking for front-end + ruby developers? Send y...

generalassemb.ly 12 Jan '13, 3pm

Basic CSS Properties Demonstrates ability to use basic css properties such as: link selectors, link pseudo-classes Box Mod...

Concerned about #Java zero-day exploit and #Rub...

blog.trendmicro.com 11 Jan '13, 11pm

Clearly, this is a serious situation and people should take steps to protect themselves as best they can. People running R...

Metasploit Rails 3 Remote Code Execution Hours ...

community.rapid7.com 10 Jan '13, 3am

was posted to the Ruby on Rails (RoR) security discussion list. The summary is that the XML processor in RoR can be tricke...