Full Disclosure mailing list archives
Rails 3.0.5 - Logfile Injection poc
From: Jimmy Bandit <jimmy.bandit.music () gmail com>
Date: Sun, 13 Mar 2011 18:51:39 +0100
Hi, i released a bug description on 16. feb about the X-Forwarded-For variable not being sanitized, so one can mess with request.remote_ip (only for intranet-apps) http://www.securityfocus.com/bid/46423/info http://seclists.org/fulldisclosure/2011/Feb/338 as it still isnt fixed i wondered if it is possible to date back an attack with a spoofed ip and it worked for the request-log-analyzer with the production.log the example dates the requests back to 2009 its also possible to inject binary data. probably not healthy for logfile-analyzers little poc-script + results https://gist.github.com/868268 i wonder how splunk would behave best regards j http://webservsec.blogspot.com/ http://jimmybandit.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Rails 3.0.5 - Logfile Injection poc Jimmy Bandit (Mar 13)