Ruby on Rails String Interpolation led to Remote Code Execution

@nahamsec and I discovered a Cross-Site Scripting vulnerability a few months ago related to Rails typecasting request variables into JSON. This caused the output to be JSON-formatted, and the JSON indexes (keys) were emitted without XSS encoding. We decided to run with this concept and explore the rest of the website to see if we could identify other vulnerabilities using the same method.

Nezir Zahirovic

Freelance software developer: Ruby on Rails (4 years) / MCPD .NET / C# / ASP.NET / CSS / SQL (11 years)
