Ruby on Rails To_JSON Script Injection Vulnerability
BID:24161
Info
| Bugtraq ID: | 24161 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-3227 |
| Remote: | Yes |
| Local: | No |
| Published: | May 25 2007 12:00AM |
| Updated: | Nov 23 2007 05:44PM |
| Credit: | BCC reported this issue to the vendor. |
| Vulnerable: | SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10 SP1; SuSE Suse Linux Enterprise Desktop 10 SP1; SuSE Linux Enterprise Server 10.SP1; SuSE Linux 10.1 x86-64; SuSE Linux 10.1 x86; SuSE Linux 10.1 ppc; SuSE Linux 10.0 x86-64; SuSE Linux 10.0 x86; SuSE Linux 10.0 ppc; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.3; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; Ruby on Rails Ruby on Rails 1.2.3; Novell Linux POS 9; Novell Linux Desktop 9; Gentoo Linux; Gentoo dev-ruby/rails 1.2.4 |
| Not Vulnerable: | Gentoo dev-ruby/rails 1.2.5 |
Discussion
Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
This issue affects Ruby on Rails 1.2.3; other versions may also be affected.
Exploit / POC
Attackers can use a browser to exploit this issue.
Sample exploit code is available:
Solution / Fix
Solution:
The vendor has released an update to address this issue. Contact the vendor for details on obtaining the appropriate updates.
References
References:
- Ruby on Rails Homepage (Ruby on Rails)
- Ticket #8371 (Ruby on Rails)
- Ticket #8371 to_json cross site scripting security issue (XSS) (Rails Trac)