I simply added a <input value=USER_ID name=public_key[user_id]> field to the Public Key update form, where USER_ID = 4223 (from https://api.github.com/users/rails).
@key = PublicKey.find(params[:id])
@key.update_attributes(params[:public_key]) # Oh no! We passed public_key[user_id] of our victim!
Now our victim (Rails) has our public key associated with their account. You can read/write in any public/private repo on github.
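As an added example (not code from the post), here is a plain-Ruby model of the bug above beside its hardened form: PublicKey, the in-memory store, user id 99 and the request hash are constructed here, and find_owned_key / update_permitted are stand-ins for a scoped find and attr_accessible, not Rails APIs.

```ruby
# Added example (not code from the post): plain-Ruby model of the mass-assignment
# bug above beside its hardened form. No Rails or database; PublicKey, the store
# and the request hash are constructed here. Attribute names are strings, as in params.
class PublicKey
  attr_accessor :id, :user_id, :title, :key
  def initialize(id:, user_id:, title:, key:)
    @id, @user_id, @title, @key = id, user_id, title, key
  end

  # Vulnerable: assigns every submitted attribute, user_id included,
  # as update_attributes did on a model without attr_accessible.
  def update_attributes(attrs)
    attrs.each { |name, value| public_send("#{name}=", value) }
    self
  end

  # Hardened: only whitelisted attributes are assignable; anything else
  # (user_id here) is silently dropped, as attr_accessible :title, :key would do.
  PERMITTED = %w[title key].freeze
  def update_permitted(attrs)
    attrs.each { |name, value| public_send("#{name}=", value) if PERMITTED.include?(name.to_s) }
    self
  end
end

# Scoped lookup: only the current account's keys are reachable, the idea behind
# current_user.public_keys.find(params[:id]) instead of PublicKey.find(params[:id]).
def find_owned_key(store, current_user_id, id)
  key = store[id]
  raise KeyError, "no key #{id} for user #{current_user_id}" unless key && key.user_id == current_user_id
  key
end

# The post's action: unscoped find, then mass-assignment of whatever was posted.
def update_vulnerable(store, params)
  store.fetch(params[:id]).update_attributes(params[:public_key])
end

# Hardened action: scoped find plus whitelisted assignment.
def update_hardened(store, current_user_id, params)
  find_owned_key(store, current_user_id, params[:id]).update_permitted(params[:public_key])
end

# Constructed data: key 1 belongs to user 99; the request carries the extra
# user_id field from the post, pointing at user 4223.
def sample_store
  { 1 => PublicKey.new(id: 1, user_id: 99, title: "laptop", key: "ssh-rsa AAAA-constructed") }
end
TAMPERED_PARAMS = { id: 1, public_key: { "title" => "laptop", "user_id" => 4223 } }.freeze
```

Running update_vulnerable moves key 1 onto user 4223; update_hardened keeps it on user 99 and refuses to touch a key the current account does not own.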
Thoughts on this from 2014:
it was one of my first hacks and I didn't know how to behave. I was angry because nobody wanted to take me and the mass-assignment issue seriously. After I did the commit this vulnerability was fixed on github within 1 hour and in rails within 5 hours. This was really effective, many people learned about the bug and fixed it in their apps, but I still regret this irresponsible disclosure.
Hi, if you reported this to github before using it, could you paste the mail with headers as a blog post? A lot of people think you behaved badly because you didn't report to github first, but I read in a comment that you did.
It was reported with a link to the commit.
Yeah, there's the problem. You reported it via exploiting it AND POSTING WHAT YOU DID IN A PUBLIC MEDIUM. Then, and ONLY then did you report it.
Thank you for the nice explanation of the security problem.
interesting it is? yes
How's your Russian?
Some of you butthurt anons should just stfu, who gives a shit if English isn't his first language or what the dude looks like in his pic. He just exposed a massive hole that GH tried to ignore and made the world pay attention to his findings.
He should have planted a backdoor in rails and wiped the commit log to pwn all your arrogant pretty boy English speaking asses at his leisure.
Hey,
Congrats on finding a vulnerability. The truth is, there are more that aren't being addressed. I have known about this one for a while but haven't tested it in the most recent version of rails. That's not why I am writing you though.
You are young and passionate about programming - I love that. I have about 10+ years experience on you so let me share one thing I learned early on in my career: Be careful when trying to prove your point in tech. While this backlash may seem tame, if you choose to do something similar with the wrong client, they could make life very unpleasant. Choose your battles very wisely. Sometimes it is better to be a teacher than a hacktivist :)
Good luck with your career and all the opportunities.
Clap clap clap
Very smart hack. However, as mh stated, maybe not the best way to expose the vulnerability to the public. You may get into serious trouble, maybe not because it is Github, you know.. they might end up hiring you, but you probably wouldn't have the same luck against Microsoft :)
Cheers
Nice work. FULL DISCLOSURE
That is cool my friend
Egor, you've become a real star on Hacker News ;)
I love how Rails "hackers" are butthurting furiously. Yeah, people, some clever Russian guy just made you look fucking retarded. Serves you right.
Now come on, when you criticize Egor's English, please do it in Russian for additional lulz.
You did everything right, Egor, you're fucking awesome. Move to Israel, we have a job for you, seriously :3
Thanks for the explanation. The hack is really clever :-)
Thanks for the details.
As some others said, there are some things you didn't do the best way (commit master @rails), but the rails core dev team pushed you to do it by ignoring you.
Good work - really disheartened by some of the racist/disrespectful comments.
Egor, thanks for a) finding this and b) reporting it. If anything you have made github a safer place. I don't understand the suspension on behalf of github, you basically helped them save some big headaches and $ in the long run.
wow--nice one. i'm relieved that serious holes like this are occasionally found first by the good guys.
so my repo is less vulnerable than it was before, so thanks.
looks to me like you did no more than what was necessary to get the attention of those responsible for fixing it.
The racist remarks scattered among this comment thread make me want to puke--ignore them.
And exactly what race is Egor?
Awesome hack, Egor, you did well.
Man, why would they do this: @pk = PublicKey.find(params[:id]) ? Maybe current_account.public_keys.where(id: params[:id]) ? - without proxy - it's another security problem.
Good catch.
It scares me that bugs like this exist in github. It also scares me that people scold you instead of them.
Good call for finding it and getting it fixed without any real damage.
Ignore all the moralfags :)
I'll say a couple things and Egor, I hope you read this.
You were completely correct and anyone who says otherwise is simply wrong.
I have been programming since I was 7 years old, which was 1985. I let myself in my first "unlocked door" in a system when I was 11 years old. I put a nice sign up there letting them know I had been there and left without damaging anything. They put a lock on the door afterwards. I'm pretty sure that was the best way to teach them about the problem.
Hacking is virtuous. Teaching by example is the best way to teach. You can measure your success by the anger it causes.
Never stop being disruptive.
With solidarity,
Napolean
Nice work egor. Quite amazing work for a 19 yo actually. You will go far!
Props!
I love Russian guys. Well done in exploiting and exposing this bug. It clearly shows why Linus Torvalds hates GitHub, lol :)
I do not know Rails or Ruby, but from your description this looks shockingly similar to what a naive register_globals=on would do for you in PHP. Such 'features' are a shame for any development stack.
You did a nice job. Ignore the frustrated rail hackers (they must be hurting badly ... ouch! )
Very nice, Egor. Way to go!
Your approach might have been a bit harsh... but it was very effective.
Thanks for stirring this a bit.
Respect :)
Thank you for the nice explanation of the security problem; I hate frameworks and cmq for these reasons
"'Tis no heresy to show a LIBRARY is not secure. We shouldst reconcile our Brother Egor) to the Abbeye of Hub."
(https://twitter.com/#!/GytOfHub/status/176625686365220864)
Interesting. I "hacked" a yahoo form like that >10 years ago (though I only used a nonexisting "neutral" in the gender field).
I never thought things like that would still be possible today - or that they actually mean that you can not only change some harmless field but actually compromise the whole system.
Good catch, and thank you for reporting it!
I did a script one evening for a previous employer that showed which attributes on which models weren't whitelisted. They were "too busy" to implement my findings.
For GitHub to have this issue shows just how far the "cool" loopy juice runs ...
That is why it is safer to host your own sites than rely on someone's Rails app..
A young programmer from Russia owned the hotshots from Github.
This all came out rather childish. You should have been more persistent posting bug reports and written to github separately about the vulnerability you found, because github != rails.
On the other hand, it'll be easier to find a job now :) Although, for work outside Russia you'll have to seriously work on your language, because it's really awful. For starters, please replace all phrases like 'X got Y' with 'X has Y', it hurts the eyes.
Anyway, good luck.
Power to you. Nice work. This kind of trivial hack (to perform, not to conceive of), done in a manner that isn't harmful, should not be punished. Sometimes it takes this kind of action to prove a point, which you have done brilliantly.
Well done dude!
Update page views numbers please :)
Egor, you did a good job..
You showed how to be a geek, geeks.
Best regards from Poland.
Respect Egor. You did the right thing and don't listen to stupid guys..
Come on guys, Egor tried to do a good thing, he reported politely on the github issues page for rails and got ignored
Nice one. Thanks for making RoR a bit more secure. Someone should really pay you for that.
Awesome hack, in the honorable style of the old MIT hacks. (To all the haters: you guys are losers, respect a brilliant hacker, and don't feel bad that you are stupid and Egor is smart. Just know he will get the chicks, like the guys at facebook ;))
Seriously, I guess I can see the GitHub side of things, you pretty much made them look like a bunch of fools.
Laughable how they tried to close the bug a couple times. These guys have their day jobs I guess? Then they can say "woohoo! I closed 1 security bug today, manager is happy, I can go home, where is my raise?"
For example, here is how you "punt":
"Rails is not in charge, it is your responsibility to secure your application. It is your responsibility to avoid XSS, to ensure that the user is editing a resource that belongs to him, etc."
Duoh!
Best comment by busyloop "Rails is all about conventions. Broken by default is not a good convention."
FYI: Egor, reconsider your hourly rate. Don't undersell yourself. Why should those chumps at GH be making more money than you? Check around what Rails security experts are charging. Market yourself. Get someone to represent you, i.e. hire on with a security company or create your own.
Nice job fella...
Nice job...and people saying things like "you look like Frankenstein" or "your English sucks" should consider dying in favor of humanity
Quote:
"I love how Rails "hackers" are butthurting furiously. Yeah, people, some clever Russian guy just made you look fucking retarded. Serves you right.
Now come on, when you criticize Egor's English, please do it in Russian for additional lulz.
You did everything right, Egor, you're fucking awesome. Move to Israel, we have a job for you, seriously :3"
+1
I love you Russians :)
-An American
This is ridiculously simple! It is a shame for github.
@Anonymous
>Someone should really pay you for that.
no fuckin penny yet :)
@Юрий
what, is it that awful? ) Internet slang has spoiled me, I confess
@osman anything about jobs and positions - drop a line on my email pls
@ipoval yeah, I think they wrote it your way. No matter how - the problem is the next line
@Опасносте Israel? Is it warm there? If so, email me )
@Daniel Myasnikov unnecessary hype )
Good hack. To the haters, it could have been much worse - who knows if this has been done before and how many projects might have time bombs hidden in them now. This guy did us all a big favor.
Just wanted to say thanks for this hack. I would be out enjoying a beer after work, but now I have to update ssh keys for several developers.
To all the anons. If this guy is a brain dead retard, what does that make the people at GitHub and behind Rails for not catching this even when he was telling them, over and over again, that it existed? http://tinyurl.com/7ofdrn3
P.S. thanks
P.P.S. Literally while I was typing this you posted an awesome new article based around CSRF attacks, keep it up. :)
Egor, well done, you did everything right. Dude, I follow your blog, I've never seen posts about holes updated so often. Keep up the good work!
Even though I am not into codes and all, I just showed it to my programmer friend and he found it to be useful. So thanks a lot.
Moving To Nyc
Igor, Mr. Putin will be extremely proud of you!
Very useful. This site is referenced in the MVC4 book "Professional ASP.NET MVC 4" on page 174.