This vulnerability has been supplanted by CVE-2013-0333. See https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo for more details.
A replacement for this script, covering CVE-2013-0333, can be found at https://github.com/heroku/heroku-CVE-2013-0333