7772 today
    Ruby on Rails String Interpolation led to Remote Code Execution

    Ruby on Rails String Interpolation led to Remote Code Execution

    13-Mar-2017 3548
    @nahamsec and I discovered a Cross-Site Scripting vulnerability a few months ago related to Rails typecasting request variables into JSON. This caused the output to be JSON formatted and the JSON indexes would avoid XSS encoding. We decided to run with this concept and explore the rest of the website to see if we could identify other vulnerabilities using the same method.
    Read more /
    Use coupon code:

    RUBYONRAILS

    to get 30% discount on our bundle!
    Prepare for your next tech interview with our comprehensive collection of programming interview guides. Covering JavaScript, Ruby on Rails, React, and Python, these highly-rated books offer thousands of essential questions and answers to boost your interview success. Buy our 'Ultimate Job Interview Preparation eBook Bundle' featuring 2200+ questions across multiple languages. Ultimate Job Interview Preparation eBook Bundle

    Bestseller

    Ruby Interview Questions

    Tags

    #Ruby #on #Rails #String #Interpolation #led #to #Remote #Code #Execution #code

    Related Links

    Learn Ruby the Hard Way
    voormedia/rails-erd: Generate Entity-Relationship Diagrams for Rails applications
    Examining The Internals Of The Rails Request/Response Cycle
    How to store large JSON in PostgreSQL with Rails Attributes API
    Appropriately using Ruby’s Thread.handle_interrupt

    Useful Links

    Quick Links

    Get in Touch

    Ruby On Rails Bosnia

    [email protected]

    Ruby On Rails Bosnia © 2016

    Template By HTML Codex