
When the recent RCE exploits came out, the idea of a bunch of people running Rails dev environments on their laptops on 0.0.0.0:3000 became a lot scarier. Even if an intruder getting into a corporate network and scanning for Rails apps sounds unlikely, there are plenty of opportunities on public networks (e.g. all those Rails hipsters at coffee shops).


The nasty thing was that no "getting into corporate network and scanning" was required. All you had to manage was to get some browser to send a maliciously crafted request to a vulnerable app. It's easy to just have a snippet of JavaScript code that just posts to localhost:3000 in the hope of hitting an app. Embed that snippet on a forum that lots of Rails developers visit - instant pwnage. It's spray and pray, granted, but as long as you're not trying to hit a specific target that should give you plenty of root shells on developer machines.
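The comment above describes a browser being used as a relay: a page on some other site makes it POST to the dev server on localhost:3000. One defensive counter, added here as an editor's example (not from the thread, not Rails' own code), is a small Rack-style middleware that refuses state-changing requests whose Origin or Referer is not the local machine. It assumes the standard Rack env hash and a hypothetical class name; wiring it into config.ru is left to the reader.

```ruby
require 'uri'

# Hostnames a browser tab on this machine would present as its origin.
LOCAL_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

# Hypothetical middleware: refuse cross-site POST/PUT/PATCH/DELETE to a
# development server. Browsers send Origin (or at least Referer) on such
# requests, so a request that arrives from another site carries a foreign
# source; a request with no source at all is treated as foreign too.
class LocalOnlyOrigin
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  def initialize(app, allowed_hosts = LOCAL_HOSTS)
    @app = app
    @allowed = allowed_hosts
  end

  def call(env)
    return @app.call(env) if SAFE_METHODS.include?(env['REQUEST_METHOD'])

    source = env['HTTP_ORIGIN'] || env['HTTP_REFERER']
    unless local_source?(source)
      return [403, { 'Content-Type' => 'text/plain' },
              ["Cross-site request to dev server refused\n"]]
    end
    @app.call(env)
  end

  # True only when the URL parses and its host is one of the local names.
  # "Origin: null" (sandboxed frames, file:// pages) has no host, so it fails.
  def local_source?(url)
    return false if url.nil? || url.empty?
    host = URI.parse(url).hostname
    !host.nil? && @allowed.include?(host)
  rescue URI::InvalidURIError
    false
  end
end
```

This covers the browser-relay case only; binding the server to 127.0.0.1 rather than 0.0.0.0 is the separate fix for the shared-network case in the first comment.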


Good point, even better.


People developing apps in coffee shops is a serious threat, you're right.

Edit: Sorry if anyone thought this was supposed to be sarcastic; it wasn't.



