In association with heise online

09 September 2008, 08:25

Rails vulnerable to SQL injection

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Rails versions that predate Rails 2.1.1 are vulnerable to an SQL injection attack, accoring to an advisory from the Ruby on Rails Security Project.

The :limit and :offset parameters to the find method are not correctly sanitised, allowing code such as

    Person.find(:all,:limit=>"10; DROP TABLE users;")

to be executed. This issue seems to affect only PostgreSQL and SQLite, but not MySQL which by default disallows multiple SQL statements, but the Ruby on Rails Security project show how the flaw could be exploited to disclose information by use of the SQL UNION statement.

The advisory also includes links to a patch for Rails 2.1.0 and a backport patch for Rails 2.0 or 1.2.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit