Egor Homakov

Security consulting: Sakurity Twitter: @homakov. homakov@gmail.com

Thursday, January 10, 2013

Rails 'params' #2

I discovered [1, nil] attack, but while i was checking unsafe query generation and DoS with symbols people on twitter found RCE for YAML through instancing some class that will eventually eval attribute from user input! Sweet!
IMHO this article is best on topic, and explains the whole chain of exploitation.
I told you, didn't i?
Author: homakov on 4:51 AM

No comments:

Post a Comment

Newer Post Older Post Home
Subscribe to: Post Comments (Atom)

Posts:

  • ►  2015 (1)
    • ►  February (1)
  • ►  2014 (18)
    • ►  December (3)
    • ►  November (1)
    • ►  September (1)
    • ►  July (1)
    • ►  May (1)
    • ►  February (2)
    • ►  January (9)
  • ▼  2013 (33)
    • ►  December (2)
    • ►  November (3)
    • ►  July (3)
    • ►  June (2)
    • ►  May (4)
    • ►  April (2)
    • ►  March (6)
    • ►  February (7)
    • ▼  January (4)
      • Rails is [Fr]agile. Vulnerabilities Will Keep Coming.
      • XSS Hunter: Using XSS Auditor For Great Good
      • Rails 'params' #2
      • Rails Security Digest. 'params' Case
  • ►  2012 (14)
    • ►  November (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (2)
    • ►  May (1)
    • ►  April (3)
    • ►  March (2)
Powered by Blogger.