Blog.Pentesterlab.Com Site Info - OpenRuby.com

Follow @openruby

#NA

blog.pentesterlab.com

http://openruby.com/sites/blog.pentesterlab.com

PentesterLab: On exploiting CVE-2012-5664...

blog.pentesterlab.com 03 Jan '13, 3am

Just a quick write-up on this, I will probably do an exercise on it soon, like I did for the previous bug in ActiveRecord . It's pretty trivial to exploit if you have the right condition... The right condition being: the ability to send symbols to activerecord. When you read the advis...
Related:
1. SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664) permalink.gmane.org 02 Jan '13, 9pm
2. Ruby on Rails SQL injection issue [LWN.net] lwn.net 03 Jan '13, 1am
3. Ruby on Rails has SQL injection vuln theregister.co.uk 03 Jan '13, 10pm
4. Ruby on Rails 3.2.10 Released to Address SQL Injection Vulnerability news.softpedia.com 03 Jan '13, 12pm
5. SQL Injection Vulnerability in several versions of Rails! rubyflow.com 02 Jan '13, 11pm
6. SQL Injection Flaw Haunts All Ruby on Rails Versions | threatpost threatpost.com 03 Jan '13, 3pm
7. SQL injection vulnerability hits all Ruby on Rails versions - The H Open: N... h-online.com 03 Jan '13, 9am
8. SQL injection vulnerability hits all Ruby on Rails versions - The H Securit... h-online.com 03 Jan '13, 9am

Related