Chris Shiflett ▪ Hacking Rails (and GitHub)

Chris Shiflett writes a clear recap of the GitHub SSH key exploit. It is a little scary that Rails doesn't make form field checking easy.

For those of you more familiar with PHP, imagine a feature like register_globals, but instead of injecting arbitrary form data into the global namespace, it injects arbitrary form data into the database. It might as well be called opt-in SQL injection, but even that’s being too generous, because this is much easier to exploit than an SQL injection vulnerability.

Chris Shiflett ▪ Hacking Rails (and GitHub).

http://shiflett.org/blog/2012/mar/hacking-rails-and-github
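
To make the quoted comparison concrete, here is an added example that is not taken from Shiflett's post or from Rails. It is a plain-Ruby stand-in model, with hypothetical class, field and method names, that puts an assign-everything update beside an allowlisted one on the same constructed form submission.

```ruby
# Added illustration in plain Ruby; PublicKey and its methods are hypothetical,
# not Rails or GitHub code.
class PublicKey
  ATTRIBUTES = %w[title key user_id].freeze # columns on the record
  PERMITTED  = %w[title key].freeze         # fields the form may set

  attr_accessor :title, :key, :user_id

  def initialize(user_id:)
    @user_id = user_id
  end

  # Unsafe pattern: any submitted field naming a column is written.
  def assign_all(params)
    params.each do |name, value|
      public_send("#{name}=", value) if ATTRIBUTES.include?(name.to_s)
    end
    self
  end

  # Hardened pattern: write only allowlisted fields, report the rest.
  def assign_permitted(params)
    rejected = []
    params.each do |name, value|
      if PERMITTED.include?(name.to_s)
        public_send("#{name}=", value)
      else
        rejected << name.to_s
      end
    end
    rejected
  end
end

# Constructed submission: the form offers title and key only, but the
# request body carries one extra field.
FORM = { "title" => "laptop", "key" => "ssh-rsa CONSTRUCTED", "user_id" => "1" }.freeze

def demo
  unsafe = PublicKey.new(user_id: 42).assign_all(FORM)
  safe = PublicKey.new(user_id: 42)
  rejected = safe.assign_permitted(FORM)
  { unsafe_owner: unsafe.user_id, safe_owner: safe.user_id, rejected: rejected }
end

p demo if $PROGRAM_NAME == __FILE__
```

The rejected list returned by the hardened path is worth logging, since a field that the form never rendered showing up in a request is a useful detection signal.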


1 thought on “Chris Shiflett ▪ Hacking Rails (and GitHub)”

  1. It’s actually a nice and useful piece of information. I am satisfied that you just shared this useful info with us. Please keep us informed like this. Thanks for sharing.
