[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Ruby on Rails Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Ruby on Rails Vulnerability
From: Jimmy Bandit <jimmy.bandit.music@xxxxxxxxxxxxxx>
Date: Wed, 16 Feb 2011 14:31:13 +0100

hi,

the X-Forwarded-For headerfield isn't sanitized if the request comes
from a class c network. This would affect intranet-applications.

i made a poc screencast that shows the bug with the latest rails
version with devise (authentication-plugin) and more possible attacks

http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html

quick-fix for your intranet-apps:
check request.remote_ip before you use it

best regards
J

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Next by Date: Re: [Full-disclosure] from hbgary: stuxnet, WL attack, Psyop and Anonymous trackdown
Previous by thread: [Full-disclosure] [SECURITY] [DSA 2165-1] ffmpeg-debian security update
Next by thread: [Full-disclosure] Sneakernet virus as possible source of WikiLeaks cablegate files
Index(es):
- Date
- Thread