Numerous Ruby on Rails vulns discovered!
2016-01-26 at 7 AM UTC
https://groups.google.com/forum/#!forum/rubyonrails-security
Ah, Rails, never fails to surprise me like this! I used to do Rails professionally but I moved on due to the community.
Smugness aside, I'm reading through these and trying to think up how these were discovered and how they can be exploited. Like, how do you discover something like this:

"A carefully crafted accept header can cause a global cache of mime types to grow indefinitely which can lead to a possible denial of service attack in Action Pack."
Is this fuzzing? Is it reading the code so intensively that you suddenly figure out the bug in it?
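The advisory quoted above describes a bug class rather than a single line of code: a process-wide table keyed by a value the client controls, with no eviction. The Ruby below is an added illustration for this thread, not Action Pack's code or anything posted by the participants; the class names, the KNOWN_TYPES list, parse_accept and hammer are all invented for the example. It models a MIME registry that memoizes every media type it is asked about (the leaky pattern), beside one that only keeps entries it already knows, and drives both with attacker-chosen Accept headers to show which table grows with each request.

```ruby
require 'securerandom'

# Illustration only (not Action Pack): a simplified model of the
# "global cache grows with every distinct Accept header" bug class.

# Hypothetical built-in registry contents.
KNOWN_TYPES = %w[text/html application/json application/xml text/plain].freeze

# Turn an Accept header into its media types, dropping ;q= and other
# parameters: "text/html;q=0.9, application/json" -> ["text/html", "application/json"]
def parse_accept(header)
  header.split(',')
        .map { |part| part.split(';').first.to_s.strip.downcase }
        .reject(&:empty?)
end

class LeakyMimeRegistry
  def initialize
    # One table shared by the whole process, never evicted.
    @types = KNOWN_TYPES.each_with_object({}) { |t, h| h[t] = t }
  end

  # Vulnerable pattern: an unknown string is registered on first sight, so
  # every request with a fresh Accept value adds an entry that stays forever.
  def lookup(media_type)
    @types[media_type] ||= media_type
  end

  def size
    @types.size
  end
end

class BoundedMimeRegistry
  def initialize
    @types = KNOWN_TYPES.each_with_object({}) { |t, h| h[t] = t }
  end

  # Hardened pattern: the table only answers for types it already knows;
  # unknown input is not stored, so client data cannot grow the table.
  def lookup(media_type)
    @types.fetch(media_type, nil)
  end

  def size
    @types.size
  end
end

# Simulate a client sending +n+ requests, each carrying a never-seen-before
# media type alongside a legitimate one. Returns the table size afterwards.
def hammer(registry, n)
  n.times do
    accept = "application/x-#{SecureRandom.hex(8)}, text/html;q=0.9"
    parse_accept(accept).each { |t| registry.lookup(t) }
  end
  registry.size
end

if __FILE__ == $PROGRAM_NAME
  puts "leaky registry after 1000 requests:   #{hammer(LeakyMimeRegistry.new, 1000)} entries"
  puts "bounded registry after 1000 requests: #{hammer(BoundedMimeRegistry.new, 1000)} entries"
end
```

The leaky table ends up with one extra entry per request, which is exactly the signal you would look for whether you found the bug by reading the code (a memoizing `||=` on a hash keyed by request data) or by fuzzing (send many distinct headers, watch process memory climb and never come back down).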
2016-01-26 at 9:39 AM UTC
Not sure; seems like a pretty specific thing to fuzz for. I think it's a combination of both. Kind of like how bug bounty hunters go about their testing: in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
2016-01-26 at 12:49 PM UTC
I guess you could say that attack sends Ruby... off Rails!
Ha ha ha, I'll be here all week.
2016-01-26 at 3:19 PM UTC
Not sure; seems like a pretty specific thing to fuzz for. I think it's a combination of both. Kind of like how bug bounty hunters go about their testing: in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
Good point. That always made me wonder.
If I were into hacking I'd try to set up a script to auto-scan all the known Rails sites, or figure out a way a Rails site advertises that it's a Rails site. I think it'd be easy with how Rails processes assets (i.e. "styles_<hash>.css"), so ID'ing would be easy. Part of me wants to try similar things with Django sites, I mean, see how Django parses HTTP headers and maybe try to figure something out there.
2016-01-28 at 2:21 PM UTC
Not sure; seems like a pretty specific thing to fuzz for. I think it's a combination of both. Kind of like how bug bounty hunters go about their testing: in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
OK, I got a book on the HTTP protocol and also a book about TCP. I know the basics, but so far I've found out a lot more about the internals (i.e. state machines, standards, errors), so maybe I'll mess around with this until I'm employed again.