
The vulnerability doesn't get triggered normally. As the grandparent said, request parameters are stored in an object of class HashWithIndifferentAccess, which stores all keys as strings. For the vulnerability to be triggered, the keys must be symbols. You cannot trigger this vulnerability unless you have written code in your app which converts the HashWithIndifferentAccess to a normal hash.

This patch does not fix a wide vulnerability. It just fixes a corner case, a just-in-case-somebody-might-write-vulnerable-code fix.

It just so appears that Authlogic does this. They pass a cookie value into a dynamic finder, so you can tamper with the cookie to inject SQL.
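
An added illustration of the point in the comment above, not part of the original thread and not Rails or Authlogic code: `IndifferentParams` is a constructed stand-in for an indifferent-access hash, and `to_symbol_hash`, `symbol_keyed_hash?` and `finder_arg` are hypothetical helpers. It shows that string-normalised keys never meet the symbol-key condition until app code converts the hash, plus a scalar check an app could apply before a finder call.

```ruby
# Constructed stand-in for an indifferent-access params hash (not Rails code):
# every key is normalised to a String on write, nested hashes included.
class IndifferentParams
  def initialize(hash = {})
    @data = {}
    hash.each { |key, value| self[key] = value }
  end

  def []=(key, value)
    @data[key.to_s] = value.is_a?(Hash) ? IndifferentParams.new(value) : value
  end

  def [](key)
    @data[key.to_s]
  end

  def keys
    @data.keys
  end

  # Hypothetical app code: convert to a plain Hash with Symbol keys.
  def to_symbol_hash
    @data.each_with_object({}) do |(key, value), out|
      out[key.to_sym] = value.is_a?(IndifferentParams) ? value.to_symbol_hash : value
    end
  end
end

# The precondition named in the comment: a hash-like value carrying Symbol keys.
def symbol_keyed_hash?(value)
  value.respond_to?(:keys) && value.keys.any? { |key| key.is_a?(Symbol) }
end

# Defensive check (assumed helper): only scalars may be passed on to a finder.
def finder_arg(value)
  return value if value.nil? || value.is_a?(String) || value.is_a?(Numeric)
  raise ArgumentError, "finder argument must be a scalar, got #{value.class}"
end

# Constructed input: a nested structure arrives where a plain token was expected.
PARAMS = IndifferentParams.new("token" => { "opt" => "x" })
```

With the stand-in, `PARAMS[:token]` still has only string keys; only the value returned by `to_symbol_hash` satisfies `symbol_keyed_hash?`, and `finder_arg` rejects it.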




Thanks for the great explanation, Sir widget.



