Collaborate Disseminate
I want to serialize and deserialize models that contain user input. Marshal is a serialization library built into Ruby.
By design, ::load can deserialize almost any class loaded into the Ruby process. In many cases this can lead to remote… Continue reading Is Marshal.load safe for Marsha.dumped data
Let’s say I have two environments: https://qa.example.com and https://example.com. In QA, I want to allow access to something insecure, like a special route that allows logging in without a password.
What are the security concerns of check… Continue reading In Ruby, can request.host be trusted to differentiate between a staging environment and production?
Ruby announced the close of a $7.3 million round of funding with participation from venture capital funds Digital Strategies, DFG Group, SigNum Capital, D1 Ventures, Global Coin Research, Ocean Foundation, DWeb3 Capital, Maverick Global Ventures, and m… Continue reading Ruby raises $7.3 million to give users granular access control over their data
I installed Metasploit on my Windows machine a while ago. And on the first use, it worked. Trying to use it the next time shows errors saying
ruby is not recognised as an internal or external command.
I checked firewall and saw that it qua… Continue reading ‘Metasploited’ Problems [closed]
HackerOne announced the next evolution of the Internet Bug Bounty (IBB) program at the company’s annual Security conference. The IBB’s mission is to secure open source by pooling funding and incentivizing security researchers to report vulnerabilities … Continue reading HackerOne updates Internet Bug Bounty program to improve the security of open source software
Granulate announced the latest addition to its gProfiler, which now provides support to Graviton processors. With this new addition to gProfiler, organizations running workloads on ARM-based Graviton instances can enjoy out-of-the-box, system-wide visi… Continue reading Granulate gProfiler provides support to Graviton processors to improve code quality
Granulate released new Kubernetes filters feature to the company’s gProfiler. gProfiler is an open-source production profiling solution that measures the performance of code in production applications to facilitate computing optimization, improve code … Continue reading Granulate adds Kubernetes filtering feature to open-source gProfiler
I’m doing testing on Ruby on Rails application, not familiar with it at all.
During my testing I have discovered unrestricted file upload (without possibiltiy to manipulate path).
I have tested uploading many extensions to gain Remote Code… Continue reading Ruby on Rails, unrestricted file upload, RCE
I am working on a challenge that involves getting code execution on a Ruby application hosted on Nginx. One of the ruby controllers seems to have been using unsanitized user input as part of the send() method which leads to arbitrary code … Continue reading Command substitution for code execution via Ruby’s send() method
I’ve been playing around with the EternalBlue exploit recently. I’ve downloaded a Windows 10 iso file from 2016 and used it to set up a Windows 10 Pro VM as my sandbox. I also ran the nmap script and metasploit scanner module to ensure tha… Continue reading RubySMB::Error::CommunicationError: Read timeout expired when reading from the Socket (timeout=30)