13 Mar '17, 5pm

How @nahamsec and I got Remote Code Execution on @Airbnb with Ruby on Rails String Interpolation

@nahamsec and I discovered a Cross-Site Scripting vulnerability a few months ago related to Rails typecasting request variables into JSON. This caused the output to be JSON formatted, and the JSON keys (indexes) were not XSS-encoded. We decided to run with this concept and explore the rest of the website to see if we could identify other vulnerabilities using the same method. Along the way we discovered an interesting output from the /api/v1/listings/[id]/update API request. This led us to finding a Remote Code Execution vulnerability on Airbnb due to Ruby on Rails string interpolation.

Full article: http://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-i...
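The summary above names two mechanisms without showing them: request parameters typecast into a Hash and emitted as JSON with their keys unencoded, and Ruby string interpolation turning attacker text into executed code. The block below is an added illustration written for this page; it is not Airbnb's code and not code from the buer.haus write-up. The parameter hash is constructed by hand, and every function name (`json_for`, `render_message_unsafe`, `interpolation_probe?` and the rest) is an assumption for the example. The vulnerable pattern shown (evaluating a Ruby literal built around user input) is one generic way interpolation becomes RCE, not a claim about how Airbnb's endpoint was implemented.

```ruby
# Added illustrative example; not Airbnb's code and not code from the
# buer.haus article. Function and constant names are assumptions.
require 'json'

# --- Part 1: a request hash rendered as JSON keeps attacker-chosen keys verbatim.
# Rails typecasts a query such as listing[<img src=x onerror=alert(1)>]=1 into a
# nested Hash; the already-parsed Hash is constructed by hand here.
CONSTRUCTED_PARAMS = { 'listing' => { '<img src=x onerror=alert(1)>' => '1' } }.freeze

# Plain JSON.generate emits the key unchanged. If this JSON is later written into
# an HTML page without escaping, the key lands in the DOM as markup.
def json_for(params_hash)
  JSON.generate(params_hash)
end

# Same shape of fix ActiveSupport applies when escape_html_entities_in_json is on:
# encode <, > and & as JSON \u escapes, so the document is still valid JSON but
# carries no raw HTML metacharacters.
JSON_HTML_ESCAPES = { '<' => '\u003c', '>' => '\u003e', '&' => '\u0026' }.freeze
def json_for_html(params_hash)
  JSON.generate(params_hash).gsub(/[<>&]/) { |c| JSON_HTML_ESCAPES[c] }
end

# --- Part 2: Ruby string interpolation becomes code execution when user input is
# spliced into Ruby *source* that is then evaluated.
# Vulnerable pattern (assumed, for illustration): build a double-quoted Ruby
# literal around the input and eval it, so a "#{...}" sequence inside the input
# is parsed as an interpolation and executed server-side.
def render_message_unsafe(user_input)
  eval("\"Updated listing: #{user_input}\"")
end

# Safe: interpolate the value once, where the literal is written by the developer.
# The user's text is data; a "#{...}" in it stays a literal character sequence.
def render_message_safe(user_input)
  "Updated listing: #{user_input}"
end

# Safe template use: Kernel#format with a named reference. The template is fixed
# by the developer; user input only ever fills a slot, never the format string.
def render_message_format(user_input)
  format('Updated listing: %<title>s', title: user_input)
end

# Detection helper for logs or a WAF rule: flag parameter names or values that
# carry Ruby interpolation or format-reference syntax. Heuristic, not proof of
# exploitation; it is meant to surface probes like the ones described above.
INTERPOLATION_PROBE = /\#\{|%\{|%<[^>]*>/
def interpolation_probe?(str)
  !!(str =~ INTERPOLATION_PROBE)
end

if $PROGRAM_NAME == __FILE__
  payload = '#{7*191}' # constructed probe: arithmetic only, no side effects
  puts render_message_unsafe(payload) # Updated listing: 1337
  puts render_message_safe(payload)   # Updated listing: #{7*191}
  puts json_for(CONSTRUCTED_PARAMS)
  puts json_for_html(CONSTRUCTED_PARAMS)
end
```

The arithmetic probe is the safe way to confirm interpolation server-side: if `#{7*191}` comes back as `1337`, the input reached an evaluation context and the rest of the exploitation is a matter of what the Ruby process can reach. Harden by never building Ruby source from request data, and by serving JSON with HTML metacharacters escaped (or never splicing JSON into HTML without context-appropriate encoding).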


Remote Ruby on Rails Developer #Columbia #South...

hea-employment.com 15 Mar '17, 1am

Our Government Client is seeking an experienced Information Ruby on Rails Developer for a 12 Month plus contract position ...

Learn Ruby on Rails: Testing your code with ...

journalduhacker.net 13 Mar '17, 4pm

Learn Ruby on Rails: Testing your code with Rspec ruby on rails feedproxy.google.com submitted by carlchenet 27 mi... ago

Lead Ruby on Rails Engineer - REMOTE! - Salt La...

jobs.utah.gov 24 Mar '17, 2pm

You can email your cover letter and resume directly to the employer for this job. You can attach saved resumes and upload ...

Urgently Needed Sr. Ruby On Rails... #Columbia ...

hea-employment.com 15 Mar '17, 1am

Urgently Needed Sr. Ruby On Rails Developer || Remote position More Jobs Like This ID: 1476218 Location: Columbia, SC, USA...

#rubyonrails

grafikart.fr 13 Mar '17, 1pm

When you build a complex application it is important to test your code to make sure that everything works as...

50 Most Common Rails Mistakes: The Ruby Way

jetruby.com 14 Mar '17, 5pm

It’s been a while since we’ve rolled out our previous article about the most common Rails mistakes that beginner developer...

Ruby on Rails Code Camp (Student Edition) #even...

mice.easybranches.com 17 Mar '17, 10am

Ruby on Rails Code Camp (Students Edition) is a whole day workshop in partnership with Ruby Users Group Philippines (PhRUG...

Remote job: ReactJS/Ruby on Rails Engineer at L...

jobmote.com 15 Mar '17, 4pm

We need an experienced web developer who is attentive to detail, able to work with a small team, and able to work independ...

Why Ruby on Rails is the best choice for MVP?

brocoders.com 13 Mar '17, 2pm

If you are lucky to have a brilliant idea and are currently considering different alternatives for creating your web appli...

Reading Ruby Code: ROM - Exploration

rubyflow.com 15 Mar '17, 2am

× The Ruby and Rails community linklog Made a library? Written a blog post? Found a useful tutorial? Share it with the Rub...

#seo #ppc #marketing #digital #advertising

ppchire.com 14 Mar '17, 8pm

What it’s like to learn Ruby on Rails? For all who have just begun learning RoR, you may have discovered that it is easy t...