03 Jan '13, 3am

More details on the impact and exploitability of the last Ruby-On-Rails SQL injection #CVE-2012-5664

Just a quick write-up on this, I will probably do an exercise on it soon, like I did for the previous bug in ActiveRecord. It's pretty trivial to exploit if you have the right condition... The right condition being: the ability to send symbols to ActiveRecord.

When you read the advisory, you could think that this bug could be exploited by only doing something like: http://vulnerable/?id[select]=SQL. However, ActiveSupport (a Rails core library that is used by ActiveRecord) prevents this, since it ensures the keys are valid and makes sure the keys are symbols:

    def assert_valid_keys(*valid_keys)
      # Any key of the hash that is not in the allowed list is rejected
      unknown_keys = keys - [valid_keys].flatten
      raise(ArgumentError, "Unknown key(s): #{unknown_keys.join(", ")}") unless unknown_keys.empty?
    end

From my testing the following keys are valid: :conditions, :include, :joins, :limit, :offset, :extend, :order, :select, :readonly,...

Full article: http://blog.pentesterlab.com/2013/01/on-exploiting-cve-20...

Tweets

sql injection vulnerability in Active Record in...

permalink.gmane.org 02 Jan '13, 9pm

SQL Injection Vulnerability in Ruby on Rails There is a SQL injection vulnerability in Active Record in ALL versions. This...

Ruby on Rails SQL injection issue

lwn.net 03 Jan '13, 1am

Ruby on Rails SQL injection issue [Posted January 3, 2013 by corbet] Ruby on Rails SQL injection issue [Security] Posted J...

Ruby on Rails has SQL injection vuln

theregister.co.uk 03 Jan '13, 10pm

The maintainers of Ruby on Rails are warning of an SQL injection vulnerability which affects all versions of the popular W...

Ruby on Rails 3.2.10 Released to Address SQL In...

news.softpedia.com 03 Jan '13, 12pm

Ruby on Rails 3.2.10, 3.1.9, and 3.0.18 have been released to address an SQL Injection vulnerability in Active Record that...

SQL Injection Vulnerability in several versions...

rubyflow.com 02 Jan '13, 11pm

SQL Injection Vulnerability in several versions of Rails! Posted by bcardarella on January 02, 2013 — 0 comments Fixes alr...

SQL Injection Flaw Haunts All Ruby on Rails Ver...

threatpost.com 03 Jan '13, 3pm

All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an atta...

SQL injection vulnerability hits all Ruby on Ra...

h-online.com 03 Jan '13, 9am

The Ruby on Rails developers are warning of an SQL injection vulnerability that affects all current versions of the web fr...

Rails SQL injection vulnerability: hold your ho...

rubyflow.com 03 Jan '13, 11am

Rails SQL injection vulnerability: hold your horses, here are the facts Posted by FooBarWidget on January 03, 2013 — 0 com...

Ruby on Rails updates address SQL injection fla...

computerworld.com 03 Jan '13, 3pm

IDG News Service - The developers of Ruby on Rails, a popular open source Web application development framework for the Ru...

All Ruby on Rails versions affected by SQL inje...

net-security.org 03 Jan '13, 3pm

Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order...

All Ruby On Rails Versions Suffer SQL Injection...

it.slashdot.org 03 Jan '13, 4pm

"All of the current versions of the Ruby on Rails Web framework have a SQL injection vulnerability that could allow an att...

SQL Injection Vulnerability in Ruby on Rails; a...

news.ycombinator.com 02 Jan '13, 9pm

You are going to have problems with this whenever you are composing SQL statement with any type of user-provided data as p...

Vuln: Ruby on Rails CVE-2012-5664 Multiple SQL ...

securityfocus.com 01 Jan '13, 10am

Ruby on Rails CVE-2012-5664 Multiple SQL Injection Vulnerabilities