If you can inject an insert SQL statement into a rails app that uses delayed job, that's a remote code execution vulnerability.
@alinajaf Also if you get arbitrary file read privileges. Grab app's secret key for sessions, put your payload into session and it will auth
@patio11 That's why I advocate using a server-side session store. The situation is slightly better in Rails 4 as the cookie is encrypted.
@alinajaf It is HMACed and signed in Rails 2 and Rails 3, but that doesn't matter if you can read the secret key thanks to an app vuln.