|
Full Disclosure
mailing list archives
Ruby on Rails Vulnerability
From: Jimmy Bandit <jimmy.bandit.music () googlemail com>
Date: Wed, 16 Feb 2011 14:31:13 +0100
hi,
the X-Forwarded-For headerfield isn't sanitized if the request comes
from a class c network. This would affect intranet-applications.
i made a poc screencast that shows the bug with the latest rails
version with devise (authentication-plugin) and more possible attacks
http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html
quick-fix for your intranet-apps:
check request.remote_ip before you use it
best regards
J
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Ruby on Rails Vulnerability Jimmy Bandit (Feb 16)
| 
