12 Feb '13, 1am

YAML f7u12

Our attacker knows that this class is defined in the system. Using YAML, along with Psych’s object deserialization, they can inject any object into the system they choose. So how can they use this object? Let’s take a look at the YAML payload for exploiting this code, then talk about how it works:

Full article: http://tenderlovemaking.com/2013/02/06/yaml-f7u12.html

Tweets

Anatomy of an Exploit: An In-depth Look at the Rails YAML Vulnerability

rubysource.com 04 Feb '13, 2pm

Exploits happen, and this month the Rails and Ruby communities have seen no shortage. From a major exploit in Rails to a ...

My (quick) presentation from yesterday on the vuln YA...

speakerdeck.com 06 Feb '13, 10am

Quick presentation on the YAML vuln and the impact on a Rails application.