Security: Exploiting the `send` vulnerability for a denial-of-service (DoS) attack

mehdi-farsi · August 30, 2020 · Last by mehdi-farsi replied at August 31, 2020 · 1369 hits
```ruby
# app/models/post.rb
class Post < ApplicationRecord
  scope :filter1, -> { where(status: :filter1) }
  scope :filter2, -> { where(status: :filter2) }
  scope :filter3, -> { where(status: :filter3) }

  scope :recent, -> { order(updated_at: :desc) }
end

# app/controllers/post_controller.rb
class PostsController < ApplicationController
  def index
    # Vulnerable: the method name passed to `send` comes straight from the request.
    @users = Post.send(params[:filter]).recent
  end
end
```
```
GET /posts?filter=exit!           # => the server is forced to stop.
GET /posts?filter_delete_all!     # => the contents of the database table are wiped.
```
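An added example, not part of the original post: one way to close the hole in `PostsController#index` is to check `params[:filter]` against an explicit allowlist before dispatching. `FakePost`, `ALLOWED_FILTERS`, `filtered_posts` and `public_send_reaches?` are hypothetical names, and `FakePost` is a constructed stand-in for the ActiveRecord model so the snippet runs without Rails.

```ruby
# Constructed stand-in for the Post model: each call records its name
# instead of touching a database.
class FakePost
  attr_reader :calls

  def initialize(calls = [])
    @calls = calls
  end

  %i[filter1 filter2 filter3 all].each do |name|
    define_singleton_method(name) { new([name]) }
  end

  # Stub for a destructive public class method; raises if ever reached.
  def self.delete_all
    raise "destructive call reached the model"
  end

  def recent
    self.class.new(calls + [:recent])
  end
end

# Hypothetical allowlist: the only scope names a request may select.
ALLOWED_FILTERS = %w[filter1 filter2 filter3].freeze

# Map untrusted input to a scope. Anything not on the allowlist (nil,
# arrays, method names such as "exit!") falls back to the unfiltered set.
def filtered_posts(model, filter_param)
  name = filter_param.to_s
  scope = ALLOWED_FILTERS.include?(name) ? model.public_send(name) : model.all
  scope.recent
end

# Swapping send for public_send is not a fix on its own: it rejects
# private methods such as exit!, but public ones stay reachable.
def public_send_reaches?(model, name)
  model.public_send(name)
  true
rescue NoMethodError
  false # private or undefined method: never invoked
rescue RuntimeError
  true  # the destructive stub was invoked
end
```

In a real controller the same check would wrap `params[:filter]`; whether to fall back to the unfiltered list or answer with a 400 is an application decision.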

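"Arbitrary code execution vulnerability" might be a more fitting name for this. DoS generally means using a flood of requests to tie up server resources so that the server cannot work properly.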

Reply to manxingxing

In the industry this also counts as DoS, and the code that can be executed here is limited anyway.

Reply to manxingxing

DoS means denying the server.
