Rails Application Hijacking: Part 2

Posted in Ruby

In my previous post, I demonstrated how Ruby’s #eval method can be exploited to hijack a Rails application. Of course, if you knew much of anything about Ruby or Rails, then that post was probably underwhelming. It was like warning people not to leave the keys in the ignition and the doors unlocked when parking […]

Rails Application Hijacking: Part 1

Posted in Ruby

Hey everybody! Check out how crazy easy it is to write a calculator application in Rails!

All I had to do was pass the user’s input into Ruby’s #eval method! Isn’t Rails teh (sic) awesome? Now that you’ve finished dishing out jumping high-fives to everyone in the room, let’s think through the implications of […]