Ruby on Rails String Interpolation led to Remote Code Execution

@nahamsec and I discovered a Cross-Site Scripting vulnerability a few months ago related to Rails typecasting request variables into JSON. This caused the output to be JSON-formatted, and the JSON indexes would avoid XSS encoding. We decided to run with this concept and explore the rest of the website to see if we could identify other vulnerabilities using the same method.
https://rubyonrails.ba/single/ruby-on-rails-string-interpolation-led-to-remote-code-execution

Nezir Zahirovic

Contractor Ruby On Rails (8+ years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)
