Solutions to the Ruby on Rails security workshop run recently at MOJ Digital by Ali ([email protected])
Code will not function without the associated rails apps which I have not uploaded, but solutions demonstrate automated exploits of a range of security vulnerabilities ranging from poorly designed authentication mechanisms, to a full compromise of a rails through remote code execution.
- Secret Keeper: non-access protected restful URLs
- Payroll Buddy: more complex variant of secret keeper
- Weight Tracker: broken registration mechanism
- To Do I: broken password reset tokenisation
- To Do I: more sophisticated (yet still predictable) password reset tokenisation
- Uploader I: directory traversal vulnerability
- Uploader II: decrypting rails cookies
- Uploader III: modifying signed rails cookies
- Uploader IV: code execution through modified cookies