【问题标题】:Rails exception; is my app vulnerable? <script>alert("xssvuln")</script>导轨异常;我的应用程序容易受到攻击吗? <script>alert("xssvuln")</script>
【发布时间】:2017-10-28 13:33:43
【问题描述】:

我的应用上安装了exception notification,昨晚我收到了一些这样的通知:

课程中发生 ActionView::Template::Error#online:

  PG::InvalidTextRepresentation: ERROR:  invalid input syntax for integer: "<script>alert("xssvuln")</script>"
LINE 1: ..."."class_type" = 'online' AND (content_areas.id = '<script>a...
                                                             ^
: SELECT "courses"."id" AS t0_r0, "courses"."title" AS t0_r1, "courses"."description" AS t0_r2, "courses"."certificate_note" AS t0_r3, "courses"."note" AS t0_r4, "courses"."ceu" AS t0_r5, "courses"."created_at" AS t0_r6, "courses"."updated_at" AS t0_r7, "courses"."slug" AS t0_r8, "courses"."old_id" AS t0_r9, "courses"."active" AS t0_r10, "courses"."sap_qualifying" AS t0_r11, "courses"."sap_renewing" AS t0_r12, "courses"."sae_qualifying" AS t0_r13, "courses"."sae_renewing" AS t0_r14, "content_areas"."id" AS t1_r0, "content_areas"."name" AS t1_r1, "content_areas"."created_at" AS t1_r2, "content_areas"."updated_at" AS t1_r3, "content_areas"."old_id" AS t1_r4 FROM "courses" INNER JOIN "course_classes" ON "course_classes"."course_id" = "courses"."id" LEFT OUTER JOIN "course_content_areas" ON "course_content_areas"."course_id" = "courses"."id" LEFT OUTER JOIN "content_areas" ON "content_areas"."id" = "course_content_areas"."content_area_id" WHERE "courses"."active" = 't' AND "cours
 e_classes"."active" = 't' AND "course_classes"."class_type" = 'online' AND (content_areas.id = '<script>alert("xssvuln")</script>')  ORDER BY "courses"."title" ASC
  app/views/courses/online.html.erb:17:in `_app_views_courses_online_html_erb___2231748092449029729_69943584017620'


-------------------------------
Request:
-------------------------------

  * URL        : https://www.my_app.org/online-courses?=%3Cscript%3Ealert(%22xssvuln%22)%3C/script%3E&content_area=%3Cscript%3Ealert(%22xssvuln%22)%3C/script%3E&search=%3Cscript%3Ealert(%22xssvuln%22)%3C/script%3E&utf8=%3Cscript%3Ealert(%22xssvuln%22)%3C/script%3E
  * HTTP Method: GET
  * IP address : 184.154.139.18
  * Parameters : {"content_area"=>"<script>alert(\"xssvuln\")</script>", "search"=>"<script>alert(\"xssvuln\")</script>", "utf8"=>"<script>alert(\"xssvuln\")</script>", "controller"=>"courses", "action"=>"online"}
  * Timestamp  : 2017-10-28 05:09:26 UTC
  * Server : localhost
  * Rails root : /home/deployer/my_app/releases/20171026113054
  * Process: 25937

在我看来,虽然查询实际失败,但确实注入了 sql。这是个问题吧?另外,&lt;script&gt;alert("xssvuln")&lt;/script&gt; 是位于模板中某处的代码还是我的某些 html 中的代码?

【问题讨论】:

    标签: ruby-on-rails security xss


    【解决方案1】:

    看起来有人正在检查您的网站是否存在跨站脚本 (XSS) 漏洞。 更具体地说,有人尝试过“Reflected XSS”,并且 alert(\"xssvuln\") 作为搜索参数传递,但幸运的是您将该参数用作导致异常的整数。

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 2011-06-21
      • 1970-01-01
      • 2013-05-30
      • 1970-01-01
      • 2020-11-13
      相关资源
      最近更新 更多