If you can inject an insert SQL statement into a rails app that uses delayed job, that's a remote code execution vulnerability.
@alinajaf It is HMACed and signed in Rails 2 and Rails 3, but that doesn't matter if you can read the secret key thanks to an app vuln.
-
-
@patio11 Yep. 'Show HN' posts with open sourced code by people just starting to program fall prey to this often.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.