@eddanger
Created June 4, 2015 20:47
Mongo BSON Injection: Ruby Regexps Strike Again
# http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
# There’s a subtle bug in BSON-ruby implementation, leading in best case
# scenario to low-severity DoS, but most likely to critical BSON Injection
# (similar to SQL injection) - depends on gem versions you use.
# b = Moped::BSON::ObjectId
# puts "Injection!" if b.legal? "a"*24+"\na"
# puts "DOS" if b.legal? "a"*24+"\n"
module Moped
  module BSON
    class ObjectId
      def self.legal?(s)
        /\A\h{24}\z/ === s.to_s
      end
    end
  end
end
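Added example, not part of the original gist: it runs the probe strings from the comments above against three anchor styles to show why the patch uses `\A` and `\z`. `LINE_ANCHORED` and `LOOSE_END` are constructed comparison patterns, and `verdicts` and `strict_object_id` are hypothetical helper names.

```ruby
# Constructed comparison patterns (assumptions) next to the patch's pattern.
LINE_ANCHORED = /^\h{24}$/     # ^ and $ match at every line boundary
LOOSE_END     = /\A\h{24}\Z/   # \Z also matches before one trailing "\n"
STRICT        = /\A\h{24}\z/   # \A and \z match only at the string's ends

# Probe strings taken from the comments in the gist, plus a valid id.
PROBES = {
  valid:     "a" * 24,
  injection: "a" * 24 + "\na",
  dos:       "a" * 24 + "\n"
}.freeze

# Returns { probe_name => accepted? } for one pattern.
def verdicts(pattern)
  PROBES.transform_values { |value| pattern === value.to_s }
end

# Hypothetical caller-side guard: reject anything that is not exactly
# 24 hex characters before it reaches a query.
def strict_object_id(value)
  s = value.to_s
  unless s.bytesize == 24 && STRICT.match?(s)
    raise ArgumentError, "illegal ObjectId: #{s.inspect}"
  end
  s
end

if __FILE__ == $PROGRAM_NAME
  { "^...$"   => LINE_ANCHORED,
    "\\A...\\Z" => LOOSE_END,
    "\\A...\\z" => STRICT }.each do |name, pattern|
    puts format("%-8s %s", name, verdicts(pattern).inspect)
  end
end
```

Only the `\A...\z` form rejects both probes, which makes it a useful regression test to keep alongside the patch.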