# Ruby on Rails

**Blogs / Articles / Writeups / Presentations:**

* <https://hackerone.com/reports/134321>
* [Airbnb - Ruby on Rails String Interpolation led to Remote Code Execution (buer.haus)](https://buer.haus/2017/03/13/airbnb-ruby-on-rails-string-interpolation-led-to-remote-code-execution/)
* <https://rhys.io/post/rce-in-ruby-using-mustache-templates>
* <https://robertheaton.com/2013/07/22/how-to-hack-a-rails-app-using-its-secret-token/>
* <https://chybeta.github.io/2019/03/16/Analysis-for%E3%80%90CVE-2019-5418%E3%80%91File-Content-Disclosure-on-Rails/>
* <https://t.co/XmASzMEMAb?amp=1>
* <https://edoverflow.com/2017/ruby-resolv-bug/>
* <https://www.slideshare.net/Railwaymen_org/ror-workshop-web-applications-hacking-ruby-on-rails-example>
* <https://twitter.com/_devalias/status/1194461246394753025>
* <https://blog.heroku.com/rails-asset-pipeline-vulnerability>

**Cheatsheet:**

* <https://github.com/brunofacca/zen-rails-security-checklist>
* <https://github.com/edwardqiu/awesome-rails-security>

**Labs:**

* <https://twitter.com/PentesterLab/status/1174476446376398848>
* <https://towardsdatascience.com/building-a-vulnerable-rails-application-for-learning-2a1de8cf98d5>

**Twitter Threads:**

* <https://twitter.com/orange_8361/status/817658441598574592>
* <https://twitter.com/chybeta/status/1106752671057395712>
* <https://twitter.com/_devalias/status/1173806552723050497>
* <https://twitter.com/_ayoubfathi_/status/1108341801193213952>
* <https://twitter.com/intigriti/status/1177178910397796353>
* <https://twitter.com/ph0rensic/status/1151640168417374208>
* <https://twitter.com/Wh11teW0lf/status/1062043483786149888>
* <https://twitter.com/search?q=CVE-2019-5418&src=typed_query>
* <https://twitter.com/s0md3v/status/1177183347887312897>
* <https://twitter.com/Wesecureapp_RD/status/1171726890857459712>
* [When auditing Ruby on Rails apps, always search for .js.erb views files. There is a stupid pattern called "Server-generated JavaScript Responses" which is a way to bypass SOP and inject content via JavaScript files (just like JSONP) which leads to XSSI.](https://twitter.com/lean0x2f/status/1205335920507006977)
* [CSRF using PUT, DELETE is possible in Ruby on Rails frameworks if you see a hidden field called \_method in the request (if it doesn't exist, try to add it). Set its value to PUT or DELETE and then submit a GET or POST request; it will override the HTTP verb and the attack succeeds.](https://twitter.com/secmind009/status/1205669730331373568)
* [API TIP: 4/31- Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design)](https://twitter.com/traceableai/status/1213495503981305858)
* <https://twitter.com/m4ll0k2/status/1112119619396030466>
* <https://github.com/mpgn/CVE-2019-5418>
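The `_method` trick in the CSRF tweet above works because Rack's `MethodOverride` middleware rewrites the request method before Rails routes it. The block below is an added example, not Rack's or Rails' own source: a simplified re-implementation of that rule (the `route_for` and `parse_form` helpers are mine) so the behaviour can be checked offline. Two details worth knowing when testing: Rack only honours the override when the real request is a POST (a GET carrying `_method=DELETE` stays a GET), and the `X-HTTP-Method-Override` header is an equivalent channel. The actual defence against the resulting CSRF is still the Rails authenticity-token check, which applies to the overridden PUT/DELETE as well, so the override only buys an attacker something where that check is disabled or otherwise bypassed.

```ruby
# Added example, not Rack's or Rails' own source: a simplified re-implementation
# of the Rack::MethodOverride rule so the _method trick can be tested offline.
require "uri"

# Methods Rack::MethodOverride is willing to rewrite a POST into.
OVERRIDABLE_METHODS = %w[GET HEAD PUT PATCH DELETE OPTIONS LINK UNLINK].freeze

# Parses an application/x-www-form-urlencoded body into a Hash (stdlib only).
def parse_form(body)
  URI.decode_www_form(body.to_s).to_h
end

# `env` mimics the parts of a Rack env we need:
#   "REQUEST_METHOD", "rack.request.form_hash" (parsed body),
#   "HTTP_X_HTTP_METHOD_OVERRIDE" (the header alternative to _method).
# Only a real POST is eligible for override; anything else is returned as-is.
def effective_method(env)
  real = env["REQUEST_METHOD"]
  return real unless real == "POST"

  override = env.dig("rack.request.form_hash", "_method") ||
             env["HTTP_X_HTTP_METHOD_OVERRIDE"]
  return real if override.nil? || override.to_s.empty?

  m = override.to_s.upcase
  OVERRIDABLE_METHODS.include?(m) ? m : real   # unknown verbs are ignored
end

# Hypothetical helper: builds the env from a raw request (method, form body,
# extra headers) and reports the method the application would route on.
def route_for(method, body: "", headers: {})
  env = {
    "REQUEST_METHOD"         => method,
    "rack.request.form_hash" => parse_form(body)
  }.merge(headers)
  effective_method(env)
end

if __FILE__ == $PROGRAM_NAME
  puts route_for("POST", body: "_method=delete&id=7")   # a form post reaching a DELETE route
  puts route_for("GET",  body: "_method=delete")        # GET is never overridden
end
```

To reproduce the tweet's test against a live target, submit the same form body from a cross-origin page and check whether the request is rejected by the authenticity-token check or actually reaches the `destroy`/`update` action.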

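The `Kernel#open` tip above is worth seeing in working code, because the bug is invisible in a code review unless you know that `open(...)` without a receiver is `Kernel#open`, not `File.open`. The block below is an added example, not code from the page or any project it links: `fetch_vulnerable`, `fetch_hardened`, `fetch_allowlisted` and `demo` are my own names, the `base_dir` allow-list is a hypothetical hardening, and the file contents and the `|echo injected` payload are constructed inputs. It runs the pipe payload through both the vulnerable and the hardened variant and returns what each did.

```ruby
# Added example, not code from the page or any project it links: shows why
# Kernel#open on user input is command injection and what to call instead.
require "tempfile"

# Vulnerable: Kernel#open interprets a leading "|" as "spawn this command and
# hand me its stdout", so a parameter value such as "|id" runs `id` on the host.
def fetch_vulnerable(path)
  open(path) { |io| io.read }      # Kernel#open, not File.open
end

# Hardened: File.open takes the string purely as a filesystem path. The same
# "|cmd" input now fails with Errno::ENOENT instead of executing anything.
def fetch_hardened(path)
  File.open(path) { |io| io.read }
end

# Hardened further: only serve files under an allowed directory (hypothetical
# base_dir), resolving the path first so "../" cannot escape it.
def fetch_allowlisted(user_input, base_dir)
  full = File.expand_path(user_input, base_dir)
  unless full.start_with?(File.join(base_dir, ""))
    raise ArgumentError, "path escapes #{base_dir}"
  end
  File.open(full) { |io| io.read }
end

# Runs the three variants against a constructed file, a pipe payload and a
# traversal payload, returning what each did so the difference is visible
# without a Rails app.
def demo
  results = {}
  Tempfile.create("rails-open-demo") do |f|
    f.write("legit contents")
    f.flush
    results[:vulnerable_file]  = fetch_vulnerable(f.path)
    results[:hardened_file]    = fetch_hardened(f.path)
    results[:allowlisted_file] = fetch_allowlisted(File.basename(f.path), File.dirname(f.path))
  end

  payload = "|echo injected"                      # constructed attacker input
  results[:vulnerable_pipe] = fetch_vulnerable(payload)   # the command actually runs
  results[:hardened_pipe] = begin
    fetch_hardened(payload)
  rescue Errno::ENOENT => e
    e.class.name                                  # "|echo injected" is just a missing file
  end
  results[:traversal] = begin
    fetch_allowlisted("../../etc/passwd", Dir.tmpdir)
  rescue ArgumentError => e
    e.class.name                                  # rejected before any open() call
  end
  results
end

puts demo if __FILE__ == $PROGRAM_NAME
```

When auditing, grep for bare `open(` and for `URI.open`/`Kernel.open` on anything derived from params; if the code genuinely needs to fetch URLs, an HTTP client (`Net::HTTP`) with a scheme and host allow-list is the replacement, not `Kernel#open`.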