New Rails SQL Injection Vulnerability Uncovered
A new SQL-injection vulnerability for the new year, this time in an otherwise common and innocuous-looking part of Ruby on Rails' ActiveRecord:

Post.find_by_id(params[:id])

It is disappointing that the default ORM in Rails cannot yet safely query by identifier, a task …