CVE-2016-6317 PoC — Ruby on Rails Active Record 安全漏洞

Source

https://github.com/kavgan/vuln_test_repo_public_ruby_gemfile_cve-2016-6317

Associated Vulnerability

Title:Ruby on Rails Active Record 安全漏洞 (CVE-2016-6317)
Description:Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

Readme

This repo has a dependency which is associated with this CVE-2016-6317

Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.

CVSS v3 Base Score: 7.5 High

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6317)
- https://nvd.nist.gov/vuln/detail/CVE-2016-6317

For more info about this repo see: https://github.com/Anthophila/README.repo

File Snapshot


 [4.0K]  /data/pocs/20b8cfe75fea840d53e3f34b22e579da69dbca5e
├── [ 101]  Gemfile
├── [2.6K]  Gemfile.lock
└── [ 740]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!