You need a way to inject symbols as hash keys. Normal parameter handling does no... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tenderlove on Jan 3, 2013 \| parent \| context \| favorite \| on: SQL Injection Vulnerability in Ruby on Rails; affe... You need a way to inject symbols as hash keys. Normal parameter handling does not allow this, so you need a different way to exploit the bug. As venus says, session forging is one way. Regular parameter handling is not.

chrismsnz on Jan 3, 2013 [–]

I will defer to the rails core dev here :)

The linked vuln report gives the impression that regular parameter handling is vulnerable.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact