wow how come I commit in master? O_o
homakov committed Mar 4, 2012
1 parent 4d391a4 commit b83965785db1eec019edf1fc272b1aa393e6dc57
Showing 1 changed file with 3 additions and 0 deletions.
3 hacked
@@ -0,0 +1,3 @@
another showcase of rails apps vunlerability.
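Review bot: nothing reviewable is added here: the new file `hacked` holds a single line of prose (with "vunlerability" misspelled) rather than code, so it has no place in master. The remediation belongs elsewhere and is named in the thread: declare attr_accessible whitelists on models so request parameters cannot set protected attributes, and run brakeman, which oreoshake notes finds mass-assignment issues.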

jsauve Mar 8, 2012

He can hack...but can he spell?

AlekSi Mar 8, 2012

I guess you should do the same in Russian then. ;)

jsauve Mar 8, 2012

Voice of excess my humor not very well translated into Russian ;)

akostrikov Mar 29, 2012

Indeed, not very well.

dreamfall (Contributor) Mar 29, 2012

Yeah, dude, you've got some problems with Russian :)

andreiglingeanu Oct 13, 2017

probably because github's using rails internally

qm3ster Oct 18, 2017

Github pwned. again :(
will you pay me for security audit?

262 comments on commit b839657

@gamaral gamaral commented on b839657 Mar 5, 2012

@gfosco I can't agree more... stupid Rails. Powered Rails on the other hand, they are pretty awesome, but you do need to get a lot of gold.

@CryptoJones CryptoJones commented on b839657 Mar 5, 2012

When you commit in master, the terrorists win!

@oreoshake oreoshake (Contributor) commented on b839657 Mar 5, 2012

use https://github.com/presidentbeef/brakeman, it finds mass assignment vulnerabilities pretty darn well

@mzeena mzeena commented on b839657 Mar 5, 2012

Bravo!

@koopa koopa commented on b839657 Mar 5, 2012

good job mate :)
you did the right thing in my opinion. no harm done but great way to get attention for a critical issue

@tinogomes tinogomes (Contributor) commented on b839657 Mar 5, 2012

@oreoshake awesome tool +1

@Petah Petah commented on b839657 Mar 6, 2012

Oh no you didn't

@pearcec pearcec commented on b839657 Mar 6, 2012

@Petah what were you thinking?

@stevenseeley stevenseeley commented on b839657 Mar 6, 2012

LOL

@kirkbushell kirkbushell commented on b839657 Mar 6, 2012

What an interesting discussion. Point of the matter is - the guy pointed out a vulnerability, some people decided it should be ignored (being a security issue that's a pretty big problem), so he made it even more obvious to the entire community and some people are putting him down for it. Absolute joke.

@Ocramius Ocramius commented on b839657 Mar 6, 2012

Wow, now really, how much will it take to also have register_globals-like functionality? =)
Seriously rails? :|

@rishta rishta commented on b839657 Mar 6, 2012

@Ocramius and @Others:
register_globals and magic_quotes are deprecated and have been removed in the latest versions of PHP, so you don't shine, and unless you're being vaguely sarcastic, you show you lack skill.

@Ocramius Ocramius commented on b839657 Mar 6, 2012

@rishta you don't say? :D

@pwlin pwlin commented on b839657 Mar 6, 2012

@rishta
Your comment lacks a certain level of understanding the joke.
Of course they are deprecated, because PHP, by design, is no longer vulnerable to this sort of attack. That was the whole point.
By not fixing these holes in a default installation, RoR now scores even lower than PHP of 5 years ago.

@jberger jberger commented on b839657 Mar 6, 2012

@github, pretty please is there some way to turn off notifications from this thread without turning off all commit comment notifications?

@mishak87 mishak87 commented on b839657 Mar 6, 2012

If PHP code is producing errors with register_globals on, you are a terrible, terrible programmer. If you are using magic_quotes, you are simply stupid.

@warmwaffles warmwaffles commented on b839657 Mar 6, 2012

> If PHP code is producing errors with register_globals on, you are a terrible, terrible programmer. If you are using magic_quotes, you are simply stupid.

But I like magic! David Blaine is soo cool

@ixti ixti (Contributor) commented on b839657 Mar 6, 2012

@jberger I use Firebug: $('.del a').click() on notification page to get rid of approx 10 messages per hour from this thread :))

@breakliu breakliu commented on b839657 Mar 7, 2012

wow

@dreamr dreamr commented on b839657 Mar 7, 2012

Welcome to Rails :) If you aren't using attr_accessible Santa kills 3 kittens for every vulnerable model.
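An added illustration of the attr_accessible point above (example code written for this page, not dreamr's code and not Rails or ActiveRecord itself): a tiny pure-Ruby stand-in for a Rails 3 model, showing the default assign-everything behaviour beside the whitelisted one. `Model`, `User`, `TAMPERED_PARAMS` and the method names are assumptions for the demo.

```ruby
require "set"

# Constructed stand-in for a Rails 3 model (not ActiveRecord). Rails 3 assigned
# every key given to update_attributes(params[:user]) unless the model declared
# attr_accessible; that whitelist is what dreamr's comment refers to.
class Model
  # Declares the whitelist, mirroring Rails 3's attr_accessible.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s).to_set
  end

  def self.accessible
    @accessible || Set.new
  end

  def initialize(attrs = {})
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  # Vulnerable: assigns any key the client sent that matches a setter.
  def unsafe_update_attributes(params)
    params.each { |k, v| public_send("#{k}=", v) if respond_to?("#{k}=") }
    self
  end

  # Hardened: only whitelisted keys are assigned; rejected keys are returned
  # so the caller can log them (a cheap detection signal for tampering).
  def update_attributes(params)
    allowed = self.class.accessible
    rejected = params.keys.map(&:to_s).reject { |k| allowed.include?(k) }
    params.each { |k, v| public_send("#{k}=", v) if allowed.include?(k.to_s) }
    rejected
  end
end

class User < Model
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email   # admin is deliberately not accessible
end

# Constructed request body: a profile edit that smuggles in an extra key.
TAMPERED_PARAMS = { "name" => "mallory", "admin" => true }.freeze

def vulnerable_update
  User.new(name: "mallory", admin: false).unsafe_update_attributes(TAMPERED_PARAMS).admin
end

def hardened_update
  user = User.new(name: "mallory", admin: false)
  rejected = user.update_attributes(TAMPERED_PARAMS)
  [user.admin, user.name, rejected]   # => [false, "mallory", ["admin"]]
end
```

Logging the rejected keys from the hardened path gives you a signal for tampering attempts without ever letting them reach the model.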

@believe3301 believe3301 commented on b839657 Mar 8, 2012

wow

@Mithgol Mithgol commented on b839657 Mar 8, 2012

@dreamr

> Santa kills 3 kittens for every vulnerable model

In this case there was a dead octokitten.

@darth10 darth10 commented on b839657 Mar 8, 2012

holy crap

@MechanisM MechanisM commented on b839657 Mar 8, 2012

@kevinpostal kevinpostal commented on b839657 Mar 8, 2012

Pagination for the win..

@homakov homakov (Contributor, Author) commented on b839657 Mar 8, 2012

@larzconwell
1. There is a 'mark all as read' button on the notifications tab.
2. Why do you think clearing messages should help? I am 100% sure they have a table for participating users and you will be there FOREVER

@kelliott kelliott commented on b839657 Mar 8, 2012

Damnit, can't I go one day without having to see Michael Jackson?

@wilmoore wilmoore commented on b839657 Mar 9, 2012

+rails +security = "none found"

@brodock brodock commented on b839657 Mar 10, 2012

Epic commit is epic!

@daliborfilus daliborfilus commented on b839657 Mar 10, 2012

Why do I still get notifications about this thread when I unsubscribed a few days ago and, according to the bottom of this page, they are properly off? :/

@ajukraine ajukraine commented on b839657 Mar 10, 2012

Rails developer: security? Nah, never heard of it!

(Ukrainian)

@Mithgol Mithgol commented on b839657 Mar 11, 2012

@noice

> Why do I still get notifications about this thread when I unsubscribed a few days ago and, according to the bottom of this page, they are properly off? :/

Check the «Comments after me on commits» setting in your Notification Center.

@daliborfilus daliborfilus commented on b839657 Mar 13, 2012

@Mithgol thanks!

@jfahrenkrug jfahrenkrug commented on b839657 Mar 14, 2012

Wow, all these animated gifs make me feel like I'm on a 1996 Geocities page.

@Ocramius Ocramius commented on b839657 Mar 14, 2012

@jfahrenkrug that's exactly what they're meant for... We're commenting on 1996's web applications' security issues :D

@rusllonrails rusllonrails commented on b839657 Mar 24, 2012

Homakov, you rock )

@chucai chucai commented on b839657 Apr 6, 2012

Interesting.

@arbing arbing commented on b839657 May 23, 2012

So much fun!

@odiszapc odiszapc commented on b839657 Jun 11, 2012

Egor Letov live!

@hinagiku hinagiku commented on b839657 Apr 18, 2013

This thread is going to be hot, leaving my mark = =

@collaroid collaroid commented on b839657 Oct 22, 2013

Already hot, leaving my mark...

@hutusi hutusi commented on b839657 Jun 5, 2014

😷

@dandv dandv commented on b839657 Nov 19, 2014

What if someone introduced very hard to detect vulnerabilities in popular software packages and libraries by altering commits long ago in the history of the projects?

We'd never know.

What if this has already happened?

@seuros seuros (Member) commented on b839657 Nov 19, 2014

Git is not centralized; everybody will notice that once he/she tries to push to the repo, since the SHA will not match.

@kirushyk kirushyk commented on b839657 Jun 25, 2015

:-)

@paralin paralin commented on b839657 Jul 7, 2015

@dandv Man, I'm seeing you everywhere.

@seuros is right, though. You can't pull from a repository with altered commit history without huge flames and explosions.
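The point seuros and paralin make, as an added example that is not from the thread: commit objects serialised and hashed the way git does it, showing that rewriting the oldest commit changes every id after it, which is the mismatch a fetch runs into. The tree ids, author line and messages are constructed for the demo.

```ruby
require "digest"

# Git hashes "<type> <byte length>\0<content>" with SHA-1, so ids produced
# here match what `git hash-object -t commit` gives for the same content.
def git_object_id(type, content)
  Digest::SHA1.hexdigest("#{type} #{content.bytesize}\0#{content}")
end

# Constructed author/committer line (name, e-mail, unix time, tz offset).
AUTHOR = "Example Dev <dev@example.invalid> 1330800000 +0000".freeze

# Serialises a commit exactly as git does: tree, optional parent, author,
# committer, blank line, message.
def commit_object(tree, parent, message)
  lines = ["tree #{tree}"]
  lines << "parent #{parent}" if parent
  lines << "author #{AUTHOR}" << "committer #{AUTHOR}" << "" << message
  lines.join("\n") + "\n"
end

# Builds a linear history from [tree_id, message] pairs and returns the
# commit ids in order; each id covers its parent's id, hence the chain.
def history_ids(commits)
  parent = nil
  commits.map { |tree, msg| parent = git_object_id("commit", commit_object(tree, parent, msg)) }
end

# Constructed tree ids: fixed 40-hex strings standing in for real trees.
TREE_A = ("a" * 40).freeze
TREE_B = ("b" * 40).freeze
TREE_A_ALTERED = ("c" * 40).freeze   # the oldest commit's tree, silently swapped

def original_ids
  history_ids([[TREE_A, "initial import"], [TREE_B, "add feature"]])
end

# Only the first commit differs; the second commit's own tree and message
# are untouched, yet its id changes because its parent line changed.
def tampered_ids
  history_ids([[TREE_A_ALTERED, "initial import"], [TREE_B, "add feature"]])
end

# What a clone holding the original ids sees on fetch: the tip it is offered
# is not an id it knows, so the rewrite cannot pass as a normal fast-forward.
def rewrite_detected?
  original_ids.last != tampered_ids.last
end
```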

@bsh314 bsh314 commented on b839657 Dec 14, 2015

Well, Egor deserves a cookie. Give it to him! Medium

@egeersoz egeersoz commented on b839657 Dec 15, 2015

Egor for president!!!

@mozillo mozillo commented on b839657 Feb 24, 2016

vulnerability

@sebie sebie commented on b839657 Apr 29, 2016

Over four years now.. 😃

@YasserGersy YasserGersy commented on b839657 Oct 25, 2016

💃

@samrocketman samrocketman commented on b839657 Jan 14, 2017

2017, comment for every year so far.

@geluso geluso commented on b839657 Jan 2, 2018

2018

@aveao aveao commented on b839657 Feb 26, 2019

2019, and no, I'm not sorry for sending a notification to thousands of people about this.

@PrincessOfEvil PrincessOfEvil commented on b839657 Jan 1, 2020

  1. Sorry not sorry.

@RedGuys RedGuys commented on b839657 Jan 2, 2021

  1. lol.

@cw1997 cw1997 commented on b839657 Oct 24, 2021

?

@jeffhc jeffhc commented on b839657 Jan 26, 2022

2022!

@alexgurrola alexgurrola commented on b839657 Sep 14, 2022

> 2022!

why the necro post? 🤣

@ulidtko ulidtko commented on b839657 Sep 14, 2022

> why the necro post? rofl

because too many things in programming don't get old.
