@bascule This is why it sort of doesn't matter if you can find an exploit vector or not. There are truly devious motherfuckers out there.
So now that it's out, yes I was wrong about there not being an SQLi exploitation vector in Rails, although I figured it out last Thursday
-
-
-
@KirinDave yeah, everything I was saying before was wrong wrong wrong, didn't tweet about it because of the fact -
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.