User Controls

Navigation

Niggas in Space > Technophiliacs & Technophiles > Numerous Ruby on Rails vulns discovered!

Numerous Ruby on Rails vulns discovered!

  1. 2016-01-26 at 7 AM UTC
    #1
    LiquidIce Houston
    https://groups.google.com/forum/#!forum/rubyonrails-security

    Ah, Rails, never fails to surprise me like this! I used to do Rails professionally but I moved on due to the community.

    Smugness aside, I'm reading through these and trying to think up ways how these were discovered and how they can be exploited. Like, how do you discover something like this:

    A carefully crafted accept header can cause a global cache of mime types to
    grow indefinitely which can lead to a possible denial of service attack in
    Action Pack.

    Is this fuzzing? Is it reading the code so intensively that you suddenly figure out the bug in it?
  2. 2016-01-26 at 9:39 AM UTC
    #2
    Sophie Pedophile Tech Support
    Not sure, seems like a pretty specific thing to fuzz for i think it's a combination of both. Kind of like how bug bounty hunters go about their testing, in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.
  3. 2016-01-26 at 12:49 PM UTC
    #3
    The Self Taught Man Black Hole
    I guess you could say that attack sends ruby... off rails!

    Ha ha ha, I'll be here all week.
  4. 2016-01-26 at 3:19 PM UTC
    #4
    LiquidIce Houston
    Not sure, seems like a pretty specific thing to fuzz for i think it's a combination of both. Kind of like how bug bounty hunters go about their testing, in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.

    Good point. That always made me wonder.

    If I was into hacking I'd try to set up a script to autoscan all the known rails sites or figure out a way how a rails site advertises that it's a rails site - I think it'd be easy with how rails processes assets (ie. "styles_<hash>.css") so ID'ing would be easy. Part of me wants to try similar things with Django sites, I mean, see how Django parses HTTP headers and maybe try to figure something out there.
  5. 2016-01-28 at 2:21 PM UTC
    #5
    LiquidIce Houston
    Not sure, seems like a pretty specific thing to fuzz for i think it's a combination of both. Kind of like how bug bounty hunters go about their testing, in part reverse engineering, in part fuzzing on the basis of what you found while dissecting the code.

    Ok, I got a book on the HTTP protocol and also a book about TCP. I know the basics, but so far I've found out a lot more about the internals (ie. state machines, standards, errors) so maybe I'll mess around with this until I'm employed again.
Jump to Top