acts_as_taggable sql injection vulnerability

acts_as_taggable sql injection vulnerability

court3nay
Hey everyone!

If you're using acts_as_taggable <= 1.04, (erm, any version, I
think..) please fix your local copy right now!  There are numerous sql
sanitization holes in this library.

I notified Obie of this over a month ago, so hopefully he's fixed it.

How to tell if you're vulnerable
======================
Make a tag with a single quote in it.  See if it raises an error.
Now, go delete your entire database.

How to fix
========
add/change the last line of split_tag_names

# escape each tag name for the connection's SQL dialect before it is
# interpolated into a query; the block variable is `name`, not `tag`
tag_names = tag_names.flatten.map { |name|
  ActiveRecord::Base.connection.quote_string(name.strip)
}.uniq.compact

-- Remember to restart your app.

court3nay

http://caboo.se :: we like big fonts and yellow highlighting
http://habtm.com :: personal codelog
http://placelist.com :: just like all the cool kids
_______________________________________________
Rails mailing list
[hidden email]
http://lists.rubyonrails.org/mailman/listinfo/rails
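The following is an added example, not code from the post or from the acts_as_taggable plugin. It reconstructs a split_tag_names helper (hypothetical; only the method name comes from the post), shows how a tag name carrying a quote escapes its string literal in a query built by interpolation, applies the quote_string fix the post recommends, and then shows the placeholder-plus-values form that ActiveRecord's :conditions option accepts so the adapter does the quoting. The quote_string body is an assumption modelled on Rails' generic adapter of the time (backslashes and single quotes doubled); MySQL's adapter escaped differently. The injected? check strips complete string literals and looks for SQL syntax left over, which is the sign that attacker text broke out of its literal.

```ruby
# Added example (not acts_as_taggable's own code): a tag name containing a
# quote rides straight into a string-built query, the quote_string fix from
# the post stops it, and bind placeholders avoid the problem altogether.

# Reconstruction of the helper named in the post (hypothetical): split
# "a, b" into stripped, unique names.
def split_tag_names(tags)
  tags = tags.split(",") if tags.is_a?(String)
  tags.flatten.map { |name| name.strip }.reject(&:empty?).uniq
end

# Assumption: the escaping Rails' generic adapter used at the time, i.e. what
# ActiveRecord::Base.connection.quote_string did on a non-MySQL connection.
def quote_string(s)
  s.gsub(/\\/, '\&\&').gsub(/'/, "''")
end

# Before the fix: each name is dropped into the SQL verbatim.
def tagged_sql_vulnerable(names)
  list = names.map { |n| "'#{n}'" }.join(", ")
  "SELECT * FROM tags WHERE name IN (#{list})"
end

# After the fix in the post: every name is escaped first.
def tagged_sql_quoted(names)
  list = names.map { |n| "'#{quote_string(n)}'" }.join(", ")
  "SELECT * FROM tags WHERE name IN (#{list})"
end

# Preferred: one "?" per name plus the values, the array form that
# ActiveRecord's :conditions option (sanitize_sql_array) accepts, so the
# adapter quotes each value itself.
def tagged_conditions(names)
  marks = (["?"] * names.size).join(", ")
  ["SELECT * FROM tags WHERE name IN (#{marks})", *names]
end

# Check: blank out every complete SQL string literal ('' inside a literal is
# an escaped quote) and inspect what is left. Attacker text that escaped its
# literal shows up here as SQL keywords or comment markers.
def outside_literals(sql)
  sql.gsub(/'(?:[^']|'')*'/, "''")
end

def injected?(sql)
  outside_literals(sql) =~ /\bOR\b|--|;/ ? true : false
end

# Constructed input: a normal tag plus one carrying an injection payload.
PAYLOAD = "ruby') OR 1=1 --"
NAMES   = split_tag_names("rails, #{PAYLOAD}")

if __FILE__ == $0
  puts tagged_sql_vulnerable(NAMES)
  puts "injected? #{injected?(tagged_sql_vulnerable(NAMES))}"
  puts tagged_sql_quoted(NAMES)
  puts "injected? #{injected?(tagged_sql_quoted(NAMES))}"
  p tagged_conditions(NAMES)
end
```

Run it with plain Ruby; no Rails or database is needed. The vulnerable query ends up as `... IN ('rails', 'ruby') OR 1=1 --')`, with the OR clause outside any literal, while the quoted version keeps the whole payload inside one literal. quote_string is only as good as its match to the connection's dialect, which is why the conditions-array form is the safer habit.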
Re: acts_as_taggable sql injection vulnerability

Schmo
" http://caboo.se :: we like big fonts and yellow highlighting "

Ha!  This killed me...
