From 0ae473b01016f0f7ff76f370dc24f2ff1309ed60 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 13 Feb 2013 09:52:17 +0100 Subject: [PATCH] info updated with rails information --- modules/auxiliary/admin/http/rails_devise_pass_reset.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb index af7a02dd02..c242cefe8b 100644 --- a/modules/auxiliary/admin/http/rails_devise_pass_reset.rb +++ b/modules/auxiliary/admin/http/rails_devise_pass_reset.rb @@ -26,7 +26,10 @@ class Metasploit3 < Msf::Auxiliary but these may require adjustment for implementations which customize them. Affects Devise < v2.2.3, 2.1.3, 2.0.5 and 1.5.4 when backed by any database - except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4. + except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails + 3.2.11. Patch applied to Rails 3.2.12 should prevent exploitation of this + vulnerability, by quoting numeric values when comparing them with non numeric + values. }, 'Author' => [ @@ -40,7 +43,8 @@ class Metasploit3 < Msf::Auxiliary [ 'OSVDB', '89642' ], [ 'BID', '57577' ], [ 'URL', 'http://blog.plataformatec.com.br/2013/01/security-announcement-devise-v2-2-3-v2-1-3-v2-0-5-and-v1-5-3-released/'], - [ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html'] + [ 'URL', 'http://www.phenoelit.org/blog/archives/2013/02/05/mysql_madness_and_rails/index.html'], + [ 'URL', 'https://github.com/rails/rails/commit/921a296a3390192a71abeec6d9a035cc6d1865c8' ] ], 'DisclosureDate' => 'Jan 28 2013' ))