lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <AANLkTikOpkzYBNQyqiqk2brMT7CiW=-g3Yw1tbA-QJJG@mail.gmail.com>
Date: Wed, 16 Feb 2011 14:31:13 +0100
From: Jimmy Bandit <jimmy.bandit.music@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Ruby on Rails Vulnerability

hi,

the X-Forwarded-For headerfield isn't sanitized if the request comes
from a class c network. This would affect intranet-applications.

i made a poc screencast that shows the bug with the latest rails
version with devise (authentication-plugin) and more possible attacks

http://webservsec.blogspot.com/2011/02/ruby-on-rails-vulnerability.html

quick-fix for your intranet-apps:
check request.remote_ip before you use it

best regards
J

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ