A couple of days ago I was doing a dummy app using RoR 3.2.12 and ruby
1.9.3p194… so after play with the params for a while i realized that
i’m able to skip the file extension by doing
‘’’
file="…/…/…/…/…/etc/passwd\c0000"
@data= File.read(‘public/’+file+’.txt’)
‘’’
just like the old PHP versions or some Java versions… so I though it
was a RoR’s bug. therefore I decided to report it with Aron Patterson
(from RoR sec-mailist ). who politely has helped me to figure out that
this is a bug in ruby 1.9.3p194 version.
The weirdest thing is that I’ve tested in older versions
(ruby-1.9.2-p320) getting a right outcome from my point of view [
ArgumentError (string contains null byte) ] but this one particularly
build skip that exception…
So my question should be… Is there any particular reason why in version
of ruby 1.9.3p194 the “string contains null byte” exception is not
deployed?
thanks in advance!
Christian Yerena