瞎扯淡这次漏洞波及的范围真广啊

ibachue · January 10, 2013 · Last by cxh116 replied at January 11, 2013 · 3035 hits

只要你不加处理的把 params 往“find_by_*”里面传，就死定了只要你用的是 Rails，就死定了只要你用的是 Ruby，就死定了总之死定了。。。

luikore #1 January 10, 2013

你说的是上次的吧？操作系统每隔几天更新一些修复漏洞的补丁，人们就死个好几十次...

ibachue #2 January 10, 2013

#1 楼 @luikore 不是操作系统就是这次的 CVE-2013-0156

blacktulip #3 January 11, 2013

lol, 二楼没明白一楼的意思

4 Floor has deleted

cxh116 #5 January 11, 2013

特别是以 root 用户跑 app server，直接连系统权限都沦陷了

You need to Sign in before reply, if you don't have an account, please Sign up first.

Total 5 replies

瞎扯淡 这次漏洞波及的范围真广啊