Ruby

Rails Application Hijacking: Part 2

In my previous post, I demonstrated how Ruby’s #eval method can be exploited to hijack a Rails application.  Of course, if you knew much of anything about Ruby or Rails, then that post was probably underwhelming.  It was like warning people not to leave the keys in the ignition and the doors unlocked when parking […]

Ruby

Rails Application Hijacking: Part 1

Hey everybody!  Check out how crazy easy it is to write a calculator application in Rails!

All I had to do was pass the user’s input into Ruby’s #eval method!  Isn’t Rails teh (sic) awesome? Now that you’ve finished dishing out jumping high-fives to everyone in the room, let’s think through the implications of […]

Announcements

It’s Adventure Time!

Since I’ve been so short on time lately, I decided I’d tackle 2 of my goals at once:

- I’d finally get around to implementing a real application in Ruby on Rails
- I’d finally implement a Multi-User Dungeon game

You can find the code at https://github.com/briandamaged/adventur. Yes, I intentionally left the “e” off the word […]