23 Dec '12, 6pm

CVE-2012-5664: Ruby on Rails: find_by_* SQL Injection

This issue was found on the Phenoelit Blog: An authlogic cookie usually uses a database stored token to identify the user. The relevant parts of the session cookie are: user_credentials_id - a numeric value which is used with "User.find_by_id()" user_credentials - a radom string which will be compared with the database field "persistence_token" in the Users table Due to the way the RoR "find_by_*" methods are defined the following SQL injection a-like issue arises: > User.find_by_id({:select =>"* from users limit 1 --"}) User Load (0.5ms) SELECT * from users limit 1 -- FROM "users" WHERE "users"."id" IS NULL LIMIT 1 => #<User id: 1, [... all the fun stuff] By knowing this behaviour we can now easily circumvent the authlogic protection with the knowledge of the "secret_token". The following cookie would give you access to an authlogic protected application: { "session_id" =...

Full article: https://bugzilla.redhat.com/show_bug.cgi?id=889649

Tweets

CVE-2012-5664: Ruby on Rails: find_by_* SQL Inj...

reddit.com 24 Dec '12, 1pm

use the following search parameters to narrow your results: reddit:subreddit find submissions in "subreddit" author:userna...

Ruby on Rails SQL injection issue

Ruby on Rails SQL injection issue

lwn.net 03 Jan '13, 1am

Ruby on Rails SQL injection issue [Posted January 3, 2013 by corbet] Ruby on Rails SQL injection issue [Security] Posted J...

SQL Injection Vulnerability in Ruby on Rails; a...

groups.google.com 02 Jan '13, 9pm

Dieser Browser wird nicht unterstützt.

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...

SQL Injection Vulnerability in Ruby on Rails; a...

news.ycombinator.com 02 Jan '13, 9pm

You are going to have problems with this whenever you are composing SQL statement with any type of user-provided data as p...

SQL Injection Vulnerability in Ruby on Rails; a...

groups.google.com 02 Jan '13, 9pm

Dieser Browser wird nicht unterstützt.

SQL Injection Vulnerability in Ruby on Rails; a...

groups.google.com 02 Jan '13, 10pm

Dieser Browser wird nicht unterstützt.

Vuln: Ruby on Rails CVE-2012-5664 Multiple SQL ...

securityfocus.com 01 Jan '13, 10am

Ruby on Rails CVE-2012-5664 Multiple SQL Injection Vulnerabilities

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

More details on the impact and exploitability o...

blog.pentesterlab.com 03 Jan '13, 3am

Just a quick write-up on this, I will probably do an exercise on it soon, like I did for the previous bug in ActiveRecord ...

Oh shit : SQL Injection Vulnerability in Ruby o...

groups.google.com 02 Jan '13, 10pm

Dieser Browser wird nicht unterstützt.

Are you a #Ruby (on #Rails) developer in the ar...

linkedin.com 22 Dec '12, 11am

Ruby on Rails has inspired the way people build web apps these days and generally engaged a huge community, however, the R...

Prime Numbers With Ruby - RailsZilla – Ruby on ...

railszilla.com 23 Dec '12, 10pm

You just have to concatenate this method after your number to find out if it is a prime or not. Now let’s do a first quick...

Ruby on Rails: vulnerabilità SQL Injection

blog.html.it 04 Jan '13, 11am

Recentemente è stata individuata una vulnerabilità a carico di Rails SQL che riguarderebbe tutte le versioni di Ruby on Ra...