Summary
This host is running Ruby on Rails and is prone to security bypass and SQL injection vulnerabilities.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and conduct SQL injection attacks.
Impact Level: Application
Solution
Upgrade to Ruby on Rails version 3.0.4 or later.
For updates refer to http://rubyonrails.org/download
Insight
- The filter-matching code does not work correctly on case-insensitive file systems: the action still resolves, but the filters registered for it do not run, so the filter can be bypassed by varying the case of certain action parameters.
- Input passed to the 'limit()' function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
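The two weaknesses above, illustrated in plain Ruby with no Rails dependency. This is an added example, not code from Rails or from the advisory: `ToyController`, its `ACTIONS` list, and the `sanitize_limit` helper are constructed here to show the failure mode (a filter skipped by a case variant; a LIMIT value reaching the SQL unchecked) next to a hardened form of each, and are not the framework's own implementation.

```ruby
# Added illustration (not Rails' own code) of the two weaknesses named in the
# advisory, reduced to plain Ruby so it runs stand-alone.

# --- 1. SQL injection through an unchecked LIMIT value -----------------------

# Before: the limit is interpolated verbatim, so any string reaches the SQL.
def build_query_unchecked(limit)
  "SELECT * FROM users LIMIT #{limit}"
end

# Hardened: accept only what a LIMIT clause legitimately needs, a plain
# integer or (MySQL-style) a comma-separated "offset,count" pair of integers,
# and reject everything else. A strict regex is used rather than Integer(),
# which would also accept "0x1A" (hex) and "010" (octal).
def sanitize_limit(limit)
  return limit if limit.is_a?(Integer)
  s = limit.to_s.strip
  if s.match?(/\A\d+\z/)
    s.to_i
  elsif s.match?(/\A\d+\s*,\s*\d+\z/)
    s.split(',').map { |part| part.strip.to_i }.join(',')
  else
    raise ArgumentError, "invalid LIMIT value: #{s.inspect}"
  end
end

def build_query_checked(limit)
  "SELECT * FROM users LIMIT #{sanitize_limit(limit)}"
end

# --- 2. Filter bypass by varying the case of the action name -----------------

# Minimal controller model (constructed): before-filters are registered per
# action name; the action itself is resolved the way a case-insensitive file
# system would resolve its template, so "Admin_Panel" still serves admin_panel.
class ToyController
  ACTIONS = %w[index show admin_panel].freeze # constructed action list

  def initialize
    @filters = Hash.new { |h, k| h[k] = [] }
  end

  def before_filter(name, only:)
    Array(only).each { |action| @filters[action.to_s] << name }
  end

  # Case-insensitive resolution, mimicking the file system lookup.
  def resolve_action(requested)
    ACTIONS.find { |a| a.casecmp?(requested) }
  end

  # Vulnerable: filters are looked up under the name exactly as the request
  # spelled it, so a case variant resolves to the action but finds no filters.
  def filters_for_loose(requested)
    return nil unless resolve_action(requested)
    @filters[requested]
  end

  # Hardened: filters are looked up under the canonical action name the
  # request resolved to, so case variations cannot skip them.
  def filters_for_strict(requested)
    action = resolve_action(requested)
    return nil if action.nil?
    @filters[action]
  end
end

if __FILE__ == $PROGRAM_NAME
  puts build_query_unchecked("1; DROP TABLE users") # injected text survives
  puts build_query_checked("5, 10")                # => LIMIT 5,10
  begin
    build_query_checked("1; DROP TABLE users")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end

  c = ToyController.new
  c.before_filter(:require_admin, only: :admin_panel)
  p c.filters_for_loose("Admin_Panel")  # => [] (filter skipped)
  p c.filters_for_strict("Admin_Panel") # => [:require_admin]
end
```

The same fix shape applies in both halves: decide what the input is allowed to be (an integer, a known action) before it is used, and key every downstream decision on the canonical value rather than on the raw request string.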
Affected
Ruby on Rails versions 3.x before 3.0.4
References
Severity
Classification
CVE: CVE-2011-0448, CVE-2011-0449
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P