Ruby on Rails
Tuesday, April 30, 2013
Hey,
I need to find out the impact of the vulnerability CVE-2013-1854, Symbol DoS vulnerability in Active Record.
Is there a way I can test my application with a DoS attack by doing some manual code or something like that?
On the Rails console, I tried to do something like:
User.where(:email => {:email => 'test'})
> SELECT `users`.* FROM `users` WHERE `email`.`email` = 'test'
It gave an "ActiveRecord::StatementInvalid:" exception.
How would requests like this lead to a DoS attack? It's just like any other invalid SQL.
Also, how can I reproduce the vulnerability mentioned on http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/?
Please help me out with a reference to example(s) causing the mentioned vulnerabilities.
Thanks