SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)

[yast]

To whom it may concern:

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/DCNTNp_qjFM

 

[eliquid]

fucking A!

nb4 Rob
nb4 Matt
nb4 Darrin
nb4 Lee

FUCKING YES!!!!

 

[dchuk]

it only affects people who use dynamic finders (Post.find_by_id), not normal ORM shit (Post.whereid, params[:id]))

 

[illyas]

it only affects people who use dynamic finders (Post.find_by_id), not normal ORM shit (Post.whereid, params[:id]))

Ya you mad.

 

[mattseh]

Magic is for....

well.

 

[mattseh]

fucking A!

nb4 Rob
nb4 Matt
nb4 Darrin
nb4 Lee

FUCKING YES!!!!

Multiple method sigs are pretty cool.

 

[crackp0t]

Thank god PHP has never has any serious exploits like this. Yes, I know Rails is a framework and not a language, but who uses Ruby for web dev and doesn't use Rails?

 

[dchuk]

Thank god PHP has never has any serious exploits like this. Yes, I know Rails is a framework and not a language, but who uses Ruby for web dev and doesn't use Rails?

lot's of people do. we have a ton of components of serpIQ that are private internal APIs that have nothing to do with Rails.

 

[crackp0t]

lot's of people do. we have a ton of components of serpIQ that are private internal APIs that have nothing to do with Rails.

Interesting I didn't know that.

 

[mattseh]

D is using Sinatra IIRC.

 

[dchuk]

D is using Sinatra IIRC.

we also have a few event machine reactors that follow a totally different setup than normal web apps

 

[mattseh]

so fancy

 

[dchuk]

so fancy

jake's fancy, I'm boring

 

[productionhead]

< ? php ? >

 

[Clarkey]

so does this mean I should stop learning RoR and go back to Django?

 

[Bofu2U]

Thank god PHP has never has any serious exploits like this. Yes, I know Rails is a framework and not a language, but who uses Ruby for web dev and doesn't use Rails?

Same with me here. Have a few apps where the Rails stack may be like... 5,000 lines of code but over 50,000 across workers written in pure Ruby which is completely decoupled from Rails.

Iz teh fun.

 

[Jake232]

jake's fancy, I'm boring

You just wish you understood my code :bootyshake:

 

[chigga102]

That'll teach em to enjoy coding! Back to PHP for you suckers!

 

[sumohax0r]

COBOL 4 LYFE ... Tough as nails.

 

[dchuk]

anyone who things this exploit is a reasonable justification to use PHP instead doesn't have a god damn idea how to code, btw. PHP is and will be, for a long long time, a shitty, messy language.