Exploit for Ruby on Rails
In the web there are first reports of web-servers affected by hackers.
Since the disclosure of the critical gaps in the framework, Ruby on Rails web appeared not only exploits using this vulnerability, but the first reports of compromised with it web-servers. To date, the Metasploit module has appeared appropriate.
Note that this gap is extremely dangerous because it affects the very large number of applications and servers. Server administrators with Rails applications should update their software to the latest version. Recall that the updates that address just two holes, the developers have been published on Wednesday, January 9.
The vulnerability lies in the fact that the remote attacker can send data to the application as a POST request, and thus proekspluatirovat it. While Brescia affects all media in which the XML parser is active (default is active.)
At the moment the gap is fixed in these versions of Ruby on Rails, as 3.2.11, 3.1.10, 3.0.19 and 2.3.15.
A detailed description of vulnerabilities can be found here .
Filed under: IT Security News, Security Notices
