| Confidence | Class | Method | Warning Type | Message |
| --- | --- | --- | --- | --- |
| High | HomeController | test_command | Command Injection | Possible command injection near line 34: `ls #{params[:file_name]}` |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 146: Open3.capture2("ls #{params[:dir]}") |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 147: Open3.capture2e("ls #{params[:dir]}") |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 148: Open3.capture3("ls #{params[:dir]}") |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 149: Open3.pipeline("sort", "uniq", :in => (params[:file])) |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 150: Open3.pipeline_r("sort #{params[:file]}", "uniq") |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 151: Open3.pipeline_rw(params[:cmd], "sort -g") |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 152: Open3.pipeline_start(*params[:cmds]) |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 154: POSIX::Spawn.spawn(params[:cmd]) |
| High | HomeController | test_command | Command Injection | Possible command injection near line 36: system(params[:user_input]) |
| High | HomeController | test_more_ways_to_execute | Command Injection | Possible command injection near line 153: spawn("some_cool_command #{params[:opts]}") |
| High | User | sanitized_profile | Cross Site Scripting | Rails 3.0.3 has a vulnerability in sanitize: upgrade to 3.2.13 or patch near line 40: sanitize(self.profile.to_s) |
| High | | | Cross Site Scripting | Versions before 3.0.10 have a vulnerability in strip_tags (CVE-2011-2931) |
| High | HomeController | test_eval | Dangerous Eval | User input in eval near line 40: eval(params[:dangerous_input]) |
| High | | | Default Routes | All public methods in controllers are available as actions in routes.rb near line 101 |
| High | | | Denial of Service | json_pure gem version 1.6.4 has a symbol creation vulnerability: upgrade to 1.6.8 |
| High | | | Denial of Service | Rails 3.0.3 has a denial of service vulnerability (CVE-2014-0082). Upgrade to Rails version 3.2.17 |
| High | | | Denial of Service | Vulnerability in digest authentication (CVE-2012-3424). Upgrade to Rails version 3.0.16 |
| High | HomeController | test_file_access | File Access | Parameter value used in file name near line 24: File.open(((RAILS_ROOT + "/") + params[:file])) |
| High | HomeController | test_yaml_file_access | File Access | Parameter value used in file name near line 109: YAML.parse_file(("whatever/" + params[:file_name])) |
| High | HomeController | test_load_params | File Access | Parameter value used in file name near line 67: load(params[:file]) |
| High | OtherController | test_send_file | File Access | Parameter value used in file name near line 21: send_file(params[:file]) |
| High | Account | mass_assign_it | Mass Assignment | Unprotected mass assignment near line 9: Account.new(params[:account_info]) |
| High | HomeController | test_mass_assignment | Mass Assignment | Unprotected mass assignment near line 54: User.new(params[:user]) |
| High | HomeController | test_model_build | Mass Assignment | Unprotected mass assignment near line 73: User.new.something.something.build(params[:awesome_user]) |
| High | HomeController | test_more_mass_assignment_methods | Mass Assignment | Unprotected mass assignment near line 114: User.first_or_create(params[:user]) |
| High | HomeController | test_more_mass_assignment_methods | Mass Assignment | Unprotected mass assignment near line 116: User.first_or_initialize!(params[:user]) |
| High | HomeController | test_more_mass_assignment_methods | Mass Assignment | Unprotected mass assignment near line 119: User.find(1).assign_attributes(params[:update]) |
| High | HomeController | test_more_mass_assignment_methods | Mass Assignment | Unprotected mass assignment near line 118: User.update(1, params[:update]) |
| High | HomeController | test_redirect | Redirect | Possible unprotected redirect near line 45: redirect_to(params) |
| High | HomeController | test_only_path_wrong | Redirect | Possible unprotected redirect near line 77: redirect_to(params[:user], :only_path => (true)) |
| High | HomeController | test_url_for_only_path | Redirect | Possible unprotected redirect near line 83: redirect_to(url_for(params)) |
| High | HomeController | test_yaml_file_access | Remote Code Execution | YAML.load called with parameter value near line 106: YAML.load("some/path/#{params[:user][:file]}") |
| High | HomeController | test_yaml_load | Remote Code Execution | YAML.load called with parameter value near line 123: YAML.load(params[:input]) |
| High | HomeController | test_more_yaml_methods | Remote Code Execution | YAML.load_documents called with parameter value near line 130: YAML.load_documents(params[:input]) |
| High | HomeController | test_more_yaml_methods | Remote Code Execution | YAML.load_stream called with cookie value near line 131: YAML.load_stream(cookies[:thing]) |
| High | HomeController | test_more_yaml_methods | Remote Code Execution | YAML.parse_documents called with parameter value near line 132: YAML.parse_documents("a: #{params[:a]}") |
| High | | | Remote Code Execution | Rails 3.0.3 has a serious JSON parsing vulnerability: upgrade to 3.0.20 or patch |
| High | HomeController | test_sql | SQL Injection | Possible SQL injection near line 30: User.first(:conditions => ("name = '#{params[:name]}'")) |
| High | OtherController | test_sql_deletes | SQL Injection | Possible SQL injection near line 57: User.delete_all("name = #{params[:name]}") |
| High | OtherController | test_sql_deletes | SQL Injection | Possible SQL injection near line 58: User.destroy_all("human = #{User.current.humanity}") |
| High | User | sql_in_if_branches | SQL Injection | Possible SQL injection near line 32: User.where((z or "name like '%#{params[:name]}%'")) |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2013-6417). Upgrade to 3.2.16 |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2012-2660). Upgrade to 3.0.13 |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2012-5664). Upgrade to 3.0.18 |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2013-0155). Upgrade to 3.0.19 |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2012-2661). Upgrade to 3.0.13 |
| High | | | SQL Injection | Rails 3.0.3 contains a SQL injection vulnerability (CVE-2012-2695). Upgrade to 3.0.14 |
| High | | | Session Setting | Session cookies should be set to HTTP only near line 3 |
| High | | | Session Setting | Session cookie should be set to secure only near line 3 |
| Medium | OtherController | test_command_injection_locals | Command Injection | Possible command injection near line 48: `#{some_command}` |
| Medium | OtherController | test_command_injection_locals | Command Injection | Possible command injection near line 49: system("ls #{some_files}") |
| Medium | | | Cross Site Scripting | Rails 3.0.3 has a vulnerability in SafeBuffer. Upgrade to 3.0.12 or apply patches. |
| Medium | | | Cross Site Scripting | Versions before 3.0.11 have a vulnerability in the translate helper with keys ending in _html. |
| Medium | | | Cross Site Scripting | Rails 3.0.3 has a vulnerability in number helpers (CVE-2014-0081). Upgrade to Rails version 3.2.17 |
| Medium | | | Cross Site Scripting | Rails 3.0.3 does not escape single quotes (CVE-2012-3464). Upgrade to 3.0.17 |
| Medium | | | Denial of Service | Rails 3.0.3 has a denial of service vulnerability (CVE-2013-6414). Upgrade to Rails version 3.2.16 |
| Medium | HomeController | test_dynamic_render | Dynamic Render Path | Render path contains parameter value near line 63: render(file => "/some/path/#{params[:page]}", {}) |
| Medium | ProductsController | create | Mass Assignment | Unprotected mass assignment near line 43: Product.new(params[:product]) |
| Medium | ProductsController | update | Mass Assignment | Unprotected mass assignment near line 62: Product.find(params[:id]).update_attributes(params[:product]) |
| Medium | HomeController | test_yaml_load | Remote Code Execution | YAML.load called with cookie value near line 125: YAML.load(x(cookies[:store])) |
| Medium | HomeController | test_yaml_load | Remote Code Execution | YAML.load called with model attribute near line 126: YAML.load(User.first.bad_stuff) |
| Medium | HomeController | test_more_yaml_methods | Remote Code Execution | YAML.parse_stream called with model attribute near line 133: YAML.parse_stream(User.find(1).upload) |
| Medium | HomeController | test_sql | SQL Injection | Possible SQL injection near line 29: User.all(:conditions => ("status = '#{happy}'")) |
| Medium | HomeController | test_sql | SQL Injection | Possible SQL injection near line 28: User.find_by_sql("select * from users where something = '#{(local some_var)}'") |
| Medium | OtherController | test_sql_to_s | SQL Injection | Possible SQL injection near line 68: Product.find(:all, :conditions => (("product_status_id = " + (local status).to_s))) |
| Medium | OtherController | test_sql_to_s | SQL Injection | Possible SQL injection near line 64: Product.where(:id => (product_id)).update_all(["#{"#{product_action_type_key.to_s}_count"} = #{"#{product_action_type_key.to_s}_count"} + ?", delta]) |
| Medium | Underline_Model | inject! | SQL Injection | Possible SQL injection near line 3: User.where("a < #{(local b)}") |
| Medium | | | SQL Injection | Versions before 3.0.10 have a vulnerability in quote_table_name: CVE-2011-2930 |
| Weak | HomeController | test_mass_assignment_with_hash | Mass Assignment | Unprotected mass assignment near line 58: User.new(:name => (params[:user][:name])) |
| Weak | HomeController | test_more_mass_assignment_methods | Mass Assignment | Unprotected mass assignment near line 115: User.first_or_create!(:name => (params[:user][:name])) |
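The Command Injection rows fall into two groups: a string built with interpolation (`ls #{params[:dir]}`, `sort #{params[:file]}`) and a command taken wholesale from the request (`Open3.pipeline_rw(params[:cmd], ...)`, `POSIX::Spawn.spawn(params[:cmd])`, `system(params[:user_input])`). The following is an added example, not code from the scanned application or from Brakeman, that shows why the first group is exploitable and the fix for each group. `EVIL_DIR` is a constructed input, `echo` stands in for `ls` so the run is harmless, and `ALLOWED_COMMANDS` is a hypothetical allowlist.

```ruby
# Added example: shell-string command execution vs. the argv form and an
# allowlist. Not part of the Brakeman report or the scanned Rails app.
require "open3"
require "shellwords"

# Constructed attacker value for params[:dir]: a plausible name followed by
# a second command.
EVIL_DIR = "a; echo INJECTED".freeze

# Vulnerable shape, same as Open3.capture2("ls #{params[:dir]}") in the
# report. A single String containing shell metacharacters is handed to
# /bin/sh -c, so ";" ends the first command and starts the attacker's.
def shell_string_form(user_input)
  out, _status = Open3.capture2("echo #{user_input}")
  out
end

# Hardened shape: one String per argument. Ruby execs the program directly,
# no shell parses the value, so the whole input reaches echo as one argument.
def argv_form(user_input)
  out, _status = Open3.capture2("echo", user_input)
  out
end

# When the command itself is the parameter there is nothing to quote: map the
# request value to a fixed argv array and reject everything else. The names
# and commands here are hypothetical.
ALLOWED_COMMANDS = {
  "sort"        => %w[sort -g].freeze,
  "sort-unique" => %w[sort -u].freeze,
}.freeze

def resolve_command(name)
  ALLOWED_COMMANDS.fetch(name) do
    raise ArgumentError, "command not allowed: #{name.inspect}"
  end
end

# Last resort when a shell string is unavoidable (for example a pipeline
# expressed as one string): Shellwords.escape backslash-escapes every
# metacharacter. Prefer the argv form; escaping is easy to miss on one path.
def escaped_shell_string(user_input)
  "echo #{Shellwords.escape(user_input)}"
end

if $PROGRAM_NAME == __FILE__
  puts shell_string_form(EVIL_DIR)    # two lines: "a" then "INJECTED"
  puts argv_form(EVIL_DIR)            # one line: "a; echo INJECTED"
  puts escaped_shell_string(EVIL_DIR) # echo a\;\ echo\ INJECTED
  p resolve_command("sort")           # ["sort", "-g"]
end
```

The Medium rows in `test_command_injection_locals` use local variables rather than `params`; Brakeman lowers the confidence because it cannot see where `some_command` came from, but the same argv-or-allowlist rule applies if the local is ever derived from request data.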
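The Remote Code Execution rows for `YAML.load`, `YAML.load_documents` and `YAML.load_stream` exist because the YAML loader of that era honoured `!ruby/*` tags on untrusted input and instantiated whatever class the document named. Added example, not code from the scanned application or from Brakeman: a constructed tagged payload loaded the legacy way and then through `safe_load`, plus a request-parsing wrapper whose shape is an assumption. The payload builds a harmless `Range`; the point is that the class is chosen by the document, not by the application.

```ruby
# Added example: unsafe vs. safe YAML loading of request data.
# Not part of the Brakeman report or the scanned Rails app.
require "yaml"

# Constructed payload: a tagged document. This is exactly what YAML.dump(1..3)
# produces; an attacker substitutes a more useful class than Range.
TAGGED_PAYLOAD = "--- !ruby/range\nbegin: 1\nend: 3\nexcl: false\n".freeze

# Constructed benign document of the kind the endpoint presumably expects.
PLAIN_PAYLOAD = "name: bob\ncount: 2\n".freeze

# What YAML.load did before Psych 4 (Ruby 3.1) and what Psych.unsafe_load
# still does: honour the tag and build the object.
def legacy_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened: safe_load builds only String, Integer, Float, Hash, Array and
# true/false/nil plus any classes listed in permitted_classes, and raises
# Psych::DisallowedClass for anything else. aliases: false also refuses
# anchor/alias expansion, which closes the "billion laughs" style blow-up.
def load_untrusted(doc, extra_classes: [])
  YAML.safe_load(doc, permitted_classes: extra_classes, aliases: false)
end

# Application-level wrapper: turn a hostile document into a clean rejection
# instead of an object of the attacker's choosing. Returns [:ok, value] or
# [:rejected, error_class_name].
def parse_request_yaml(body)
  [:ok, load_untrusted(body)]
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError => e
  [:rejected, e.class.name]
end

if $PROGRAM_NAME == __FILE__
  p legacy_load(TAGGED_PAYLOAD)          # 1..3  (the document picked the class)
  p parse_request_yaml(TAGGED_PAYLOAD)   # [:rejected, "Psych::DisallowedClass"]
  p parse_request_yaml(PLAIN_PAYLOAD)    # [:ok, {"name"=>"bob", "count"=>2}]
end
```

The Medium rows (`YAML.load(x(cookies[:store]))`, `YAML.load(User.first.bad_stuff)`, `YAML.parse_stream(User.find(1).upload)`) are the same API fed through a cookie or a stored attribute; Brakeman lowers the confidence because the path from the request is indirect, not because the sink is any safer. The `parse_*` family only builds a syntax tree and is not itself code execution, but the tree is usually passed to `to_ruby` next, so treat it the same way.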
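The File Access rows (`File.open(RAILS_ROOT + "/" + params[:file])`, `YAML.parse_file("whatever/" + params[:file_name])`, `send_file(params[:file])`, `load(params[:file])`) and the Dynamic Render Path row (`render file: "/some/path/#{params[:page]}"`) share one defect: a request value becomes part of a filesystem path, so `../` walks out of the intended directory. Added example, not code from the scanned application or from Brakeman, showing the two usual fixes: confine the resolved path to one base directory, or map a small set of names to paths. `BASE_DIR` and `PAGES` are assumptions for the demonstration.

```ruby
# Added example: path confinement and name-to-path allowlisting.
# Not part of the Brakeman report or the scanned Rails app.

# Hypothetical directory the application intends to serve files from.
BASE_DIR = "/srv/app/public/uploads".freeze

# Resolve a request-supplied relative name under BASE_DIR or raise.
# File.expand_path collapses "." and ".." before the prefix check, so
# "x/../../etc/passwd" is compared as "/srv/app/public/etc/passwd".
# The trailing "/" in the prefix stops a sibling such as
# "/srv/app/public/uploads_private" from passing the check.
# expand_path does not follow symlinks; if the file must already exist,
# File.realpath gives the physical path and can be checked the same way.
def resolve_under_base(user_path, base = BASE_DIR)
  raise ArgumentError, "empty path" if user_path.nil? || user_path.empty?
  raise ArgumentError, "NUL byte in path" if user_path.include?("\0")
  # expand_path treats a leading "~" as a home-directory lookup, so
  # "~root/..." would resolve outside base; refuse it along with absolute paths.
  if user_path.start_with?("/", "~")
    raise ArgumentError, "absolute or home-relative path rejected"
  end
  full = File.expand_path(user_path, base)
  raise ArgumentError, "path escapes #{base}" unless full.start_with?("#{base}/")
  full
end

# For render(file: ...) and load(...) the legitimate values are few and
# known in advance, so do not build a path at all: look the name up.
# Hypothetical page table.
PAGES = {
  "about" => "pages/about",
  "terms" => "pages/terms",
}.freeze

def template_for(page_param)
  PAGES.fetch(page_param.to_s) do
    raise ArgumentError, "unknown page #{page_param.inspect}"
  end
end

if $PROGRAM_NAME == __FILE__
  puts resolve_under_base("2024/../2023/report.pdf") # /srv/app/public/uploads/2023/report.pdf
  puts template_for("about")                          # pages/about
  begin
    resolve_under_base("../../etc/passwd")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```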
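The Redirect rows need one clarification: `redirect_to(params[:user], :only_path => true)` is flagged because `:only_path` is consumed by `url_for` when it builds a URL from a Hash; a String argument is sent to the browser unchanged, so the option provides no protection there. `redirect_to(params)` and `redirect_to(url_for(params))` let the request supply `:host` and `:protocol` outright. The check therefore has to be done on the string. Added example, not code from the scanned application or from Brakeman: a same-origin path filter of the kind a `redirect_to` call would be wrapped in (Rails 7 offers `redirect_to url, allow_other_host: false` for the same purpose). The inputs in the run block are constructed.

```ruby
# Added example: accept only same-origin paths as redirect targets.
# Not part of the Brakeman report or the scanned Rails app.
require "uri"

# Return target if it is an absolute path on this origin, else fallback.
def safe_local_path(target, fallback: "/")
  return fallback if target.nil? || target.strip.empty?
  # Browsers normalise "/\evil.example" to "//evil.example" (protocol-relative),
  # so a backslash is rejected outright instead of being parsed.
  return fallback if target.include?("\\")
  uri = URI.parse(target)
  # Any scheme or authority means another origin: "https://evil.example/",
  # "//evil.example/" (host set, scheme nil) and "javascript:..." all stop here.
  return fallback if uri.scheme || uri.host || uri.userinfo || uri.port
  # Relative references such as "evil.example/login" are not acceptable either;
  # the "//" case is already caught above but is kept explicit.
  return fallback unless uri.path.start_with?("/") && !uri.path.start_with?("//")
  # Rebuild from the parsed parts so nothing unexpected rides along; the
  # fragment is dropped, which is fine for a server-side redirect.
  uri.query ? "#{uri.path}?#{uri.query}" : uri.path
rescue URI::InvalidURIError
  fallback
end

if $PROGRAM_NAME == __FILE__
  [
    "/account/settings?tab=2",
    "https://evil.example/",
    "//evil.example/",
    "/\\evil.example",
    "javascript:alert(1)",
    "evil.example/login",
  ].each { |t| puts "#{t.inspect} -> #{safe_local_path(t).inspect}" }
end
```

Only the first value survives; every other line prints `"/"`.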
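The Mass Assignment rows (`User.new(params[:user])`, `assign_attributes(params[:update])`, `update_attributes(params[:product])` and the `first_or_create` variants) write every key the client sends; on Rails 3.0 a model without `attr_accessible` or `attr_protected` accepts all of them, so a client that adds `admin=1` to a signup form gets it stored. Added example, not code from the scanned application or from Brakeman: a plain-Ruby stand-in for such a model beside a `permit` filter that does what strong parameters' `params.require(:user).permit(:name, :email)` does in Rails 4 and later. `RAW_PARAMS` is a constructed request body and the attribute names are assumptions.

```ruby
# Added example: unprotected mass assignment vs. an explicit permit list.
# Not part of the Brakeman report or the scanned Rails app.

# Constructed POST body: a signup form plus an "admin" key the attacker
# appended. Rails delivers params as string-keyed hashes.
RAW_PARAMS = {
  "user"   => { "name" => "mallory", "email" => "m@example.com", "admin" => "1" },
  "commit" => "Sign up",
}.freeze

class User
  ATTRIBUTES = %w[name email admin].freeze
  attr_reader(*ATTRIBUTES)

  def initialize(attrs = {})
    @admin = false
    assign_attributes(attrs)
  end

  # Vulnerable shape: any known column named in the hash is written, which is
  # what ActiveRecord did for a model with no attr_accessible/attr_protected.
  def assign_attributes(attrs)
    attrs.each do |k, v|
      k = k.to_s
      next unless ATTRIBUTES.include?(k)
      instance_variable_set("@#{k}", v)
    end
    self
  end

  def admin?
    %w[1 true].include?(@admin.to_s)
  end
end

# Require the scope key, keep only the listed attributes, and report the rest
# so the caller can log or raise (compare Rails'
# config.action_controller.action_on_unpermitted_parameters).
# Returns [permitted_hash, dropped_keys].
def permit(params, scope, *allowed)
  scoped  = params.fetch(scope.to_s) { raise ArgumentError, "param is missing: #{scope}" }
  allowed = allowed.map(&:to_s)
  kept    = scoped.select { |k, _| allowed.include?(k.to_s) }
  dropped = scoped.keys.map(&:to_s) - allowed
  [kept, dropped]
end

# Same shape as User.new(params[:user]) in the report.
def signup_unprotected(params)
  User.new(params["user"])
end

# Hardened: the model only ever sees the permitted keys.
def signup_protected(params)
  attrs, dropped = permit(params, :user, :name, :email)
  warn "unpermitted parameters: #{dropped.join(', ')}" unless dropped.empty?
  User.new(attrs)
end

if $PROGRAM_NAME == __FILE__
  p signup_unprotected(RAW_PARAMS).admin? # true
  p signup_protected(RAW_PARAMS).admin?   # false
end
```

The two Weak rows (`User.new(:name => params[:user][:name])`) are the pattern the filter produces: a hash literal with fixed keys. Brakeman reports it at weak confidence because a parameter still flows into the constructor, but only the named attribute can be set, so those two are normally accepted as-is.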