Security issues for CQ/AEM Instances

Security issues for CQ/AEM Instances

Posted in Ruby, Start

Because I was checking some security issues in my job, I was concerned with exploits for the Adobe AEM system. We can find a lot of old Adobe AEM versions out there. To find websites using Adobe AEM, just go to Google and enter: inurl:content/geometrixx By doing this, we will get a lot of results […]


Ruby on Rails Security Checklist

Posted in Rails

Whenever we create a project, the same issue is our pain in the ass … I am talking about security, which is somehow dull and seems to be boring. I have made a simple checklist for a quick review of your code, which is divided into three simple steps: model, view and of course controller. […]


Rails Security – Clickjacking

Posted in Rails

Note: This exploit is fixed in Rails 4. Our exploit today is clickjacking, which is also called a “UI redress attack”. With clickjacking, an attacker can make a victim take an unexpected action by rendering the target site in an invisible frame. As an example, an attacker may trick users into taking undesired actions like making a […]


Security issue – symbol DoS vulnerability in ActiveRecord

Posted in Rails

There is a symbol DoS vulnerability in Active Record. When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Have a look at this example: User.where(:name => { 'foo' => 'bar' }) When you write this small piece of code, the string 'foo' […]


Copyright © 2011-2017 RailsZilla – Ruby on Rails tutorials, tips and tricks. All rights reserved.