espes

↗ HN profile [ 96.3 ms ] full profile
Karma
304
Created
March 20, 2011 (15y ago)
Submissions
0
  1. tl;dr Due to rails parameter parsing oddities the sql injection vulnerability can be exploited even in a basic ActiveRecord app. The same technique yields an effective DOS. Put…