Hey,

I need to find out the impact of a vulnerability: CVE-2013-1854, the Symbol DoS 
vulnerability in Active Record.

Is there a way I can test my application against a DoS attack by writing some 
manual code or something like that?

On the Rails console, I tried to do something like:
User.where(:email => {:email => 'test'})

> SELECT `users`.* FROM `users` WHERE `email`.`email` = 'test'

It gave an "ActiveRecord::StatementInvalid:" exception.
How would requests like this lead to a DoS attack? It's just like any other 
invalid SQL.

Also, how can I reproduce the vulnerability mentioned on 
http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

Please help me out with a reference to example(s) causing the mentioned 
vulnerabilities.

Thanks

