ruby – WindowsTechs.com

TIOBE Index News (April 2024): PHP’s Popularity Declining

Posted on April 12, 2024 by Megan Crouse

The top three programming languages – C++, C and Python – remain the same, while Fortran rises. Continue reading TIOBE Index News (April 2024): PHP’s Popularity Declining→

White House Recommends Memory-Safe Programming Languages and Security-by-Design

Posted on March 4, 2024 by Megan Crouse

A new report promotes preventing cyberattacks by using memory-safe languages and the development of software safety standards. Continue reading White House Recommends Memory-Safe Programming Languages and Security-by-Design→

exploiting the scenario and how to generate a secure reset password token

Posted on December 14, 2022 by hanan

I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it is vulnerable.
this is the line of cod… Continue reading exploiting the scenario and how to generate a secure reset password token→

ruby on rails constantize exploitation

Posted on December 5, 2022 by hanan

I was trying to exploit the constantize method in ruby for remote code execution. for example I have this line code:
@mygroups = params[:group][:type].constantize.new(params[:group])

and in the request I sent the following payload:
group%… Continue reading ruby on rails constantize exploitation→

How to exploit and fix dependency vulnerabilities? [closed]

Posted on June 24, 2022 by icdcoffee

I have a vulnerability scanner than detected a security vulnerability in a particular package. Let’s call it package "D@4.0". D@4.0 is used by other dependencies, such as this:
A@1.0 > B@2.0 > C@3.0 > D@4.0.
Typically th… Continue reading How to exploit and fix dependency vulnerabilities? [closed]→

RubyGems supply chain rip-and-replace bug fixed – check your logs!

Posted on May 9, 2022 by Paul Ducklin

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself “Frank”. Continue reading RubyGems supply chain rip-and-replace bug fixed – check your logs!→

Ruby on Rails: Request to http://\localhost/admin/config.php

Posted on April 5, 2022 by Railsana

I got an exception notification for a request from 92.118.39.180:61001 to: http://\localhost/admin/config.php
This is the notification:
——————————-
Request:
——————————-

* URL : http://\local… Continue reading Ruby on Rails: Request to http://\localhost/admin/config.php→

A Ruby Developer’s Life In Kharkiv, Ukraine

Posted on March 17, 2022 by BeauHD

In an interview with The Register, Victor Shepelev, a Ruby developer and software architect who lives in Kharkiv, Ukraine, shares his experience living in a country being invaded by Russia. He hopes that his situation will encourage international polit… Continue reading A Ruby Developer’s Life In Kharkiv, Ukraine→

How do I catch metasploit session scripts error code in ruby?

Posted on March 12, 2022 by Steven Even

I was able to start a session using metasploit framework (msf6) with an android but after a while being in the session, the meterpreter session closes. Luckily however after a few seconds, another stage payload gets sent out, giving me acc… Continue reading How do I catch metasploit session scripts error code in ruby?→

Is Marshal.load safe for Marsha.dumped data

Posted on February 25, 2022 by Qaz

I want to serialize and deserialize models that contain user input. Marshal is a serialization library built into Ruby.

By design, ::load can deserialize almost any class loaded into the Ruby process. In many cases this can lead to remote… Continue reading Is Marshal.load safe for Marsha.dumped data→