3012 #5239

Closed
homakov opened this Issue Mar 2, 2012 · 47 comments

Contributor

homakov commented Mar 2, 2012

Hey. Where is a suicide booth?

from 3012 with love

You should check it ... #5228 :trollface:
[CONTENT IS FOR SALE EITHER]

Member

drogus commented Mar 2, 2012

Good one ;)

@drogus drogus closed this Mar 2, 2012

Contributor

kennyj commented Mar 2, 2012

I'm closing it (again).
@drogus closed it, but it's still open.
github bug?

@kennyj kennyj closed this Mar 2, 2012

Contributor

homakov commented Mar 2, 2012

geez. github y u SO open?

(if I append state=open it turns into open. w/o any 'activity' in the bottom. You are surely one of those who should start using attr_accessible right away :) sorry for the inconvenience caused)

@drogus dat was just naughty testing. please close ticket. (I can do it by myself though :))

I am going to provide a pull request shortly. IMHO rails should get a configuration option like

active_record.blacklist_attributes = %w{created_at updated_at}

and in a typical rails project during the development process it should turn into

active_record.blacklist_attributes = %w{created_at updated_at state user_id role_id *_id rating}

Github, sorry for exploring your small bugs, I'm just overviewing security issues of rails. Be safe
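The reopen-by-parameter behaviour and the two defences discussed in the comment above (an attr_accessible whitelist, and the proposed blacklist with a `*_id` glob), as an added plain-Ruby example that is neither Rails code nor the commenter's own; the record, its columns and the request params are constructed, and no ActiveRecord is involved.

```ruby
# Added example (not Rails code or the commenter's own): a plain-Ruby model of
# Rails 3 mass assignment. It shows why an extra state=open parameter could
# reopen an issue, how an attr_accessible-style whitelist stops it, and what
# the blacklist proposed above (including the "*_id" glob) would do.
# The record, its columns and the request params are constructed samples.

# Constructed params: the user edits the title but also smuggles in columns
# that the edit form never exposes.
TAMPERED_PARAMS = {
  "title"      => "3012",
  "state"      => "open",
  "created_at" => "3012-03-02 00:00:00",
  "user_id"    => "1",
}.freeze

# A record whose columns live in a plain hash, like ActiveRecord attributes.
class Issue
  attr_reader :attributes

  def initialize
    @attributes = { "title" => "old title", "state" => "closed",
                    "created_at" => "2012-03-02 10:00:00", "user_id" => "42" }
  end
end

# 1. Unprotected: every param key is written to a column. This is the
#    behaviour the thread describes and what attr_accessible exists to stop.
def assign_unprotected(record, params)
  params.each { |k, v| record.attributes[k] = v }
  record.attributes
end

# 2. Whitelist (attr_accessible semantics): only listed columns are written;
#    state, created_at and user_id are silently dropped.
def assign_whitelisted(record, params, accessible)
  params.each { |k, v| record.attributes[k] = v if accessible.include?(k) }
  record.attributes
end

# 3. Blacklist with globs, as proposed above: a column is written unless it
#    matches a pattern, so "*_id" covers user_id, role_id and any future *_id.
def assign_blacklisted(record, params, blacklist)
  params.each do |k, v|
    next if blacklist.any? { |pattern| File.fnmatch?(pattern, k) }
    record.attributes[k] = v
  end
  record.attributes
end
```

Note that the whitelist only needs to name the fields a form legitimately edits, whereas the blacklist has to anticipate every sensitive column, which is why the proposed list keeps growing.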

Contributor

homakov commented Mar 2, 2012

ALL UR ISSUES ARE BELONG TO US
#5238

Member

sikachu commented Mar 2, 2012

Please report this bug to GitHub here: https://github.com/contact. I'm pretty sure that they're not checking Rails issues for their site's bugs. Thanks.

jasdeepsingh commented Mar 4, 2012

LOL! :) Bender from Future.... Makes my day! :) Please report the bugs to GitHub....

benatkin commented Mar 4, 2012

Still shows up at the top of Closed Issues.

lenage commented Mar 5, 2012

Nice, opened this issue 1001 years

hlxwell commented Mar 5, 2012

ghost commented Mar 5, 2012

guy who made time travel possible: @homakov

watson commented Mar 5, 2012

Bender

levhita commented Mar 5, 2012

  • Stands up and applauds

krolow commented Mar 5, 2012

:D

henvic commented Mar 5, 2012

omg! rofl.

thejh commented Mar 5, 2012

That was classy!

lockie commented Mar 5, 2012

applause gif

RenaKunisaki commented Mar 6, 2012

Wow. Just wow. So it just blindly updates any fields specified by the user? Someone skipped security 101...

wrzasa commented Mar 6, 2012

Bravo! ;-)

lastknight commented Mar 6, 2012

Kudos, m8.

benatkin commented Mar 6, 2012

like a bau5

twksos commented Mar 7, 2012

Bump

iambowen commented Mar 7, 2012

Mind-blowing~, security problems should be treated seriously, sometimes you can't count on programmers for everything. They are not all that smart to consider the security issue when busy with finishing stories.....

levhita commented Mar 7, 2012

LOLS

Dfred commented Mar 7, 2012

too bad they don't acknowledge homakov proper behavior: report... no action? ... show it. White hat style.

ghost commented Mar 7, 2012

respect

@ellisonleao

clap clap!

steakknife commented Mar 7, 2012

If this doesn't deserve a defcon uberbadge (or at least a speaker slot), I don't know what does.

SnoFox commented Mar 7, 2012

I want to put some awesome picture or comment here to acknowledge this awesomeness, but I'm not clever enough. Still, awesome! :D

ali commented Mar 7, 2012

SnoFox commented Mar 7, 2012

@ali - perfect.

Aelthien commented Mar 7, 2012

Are there flying cars?

dazuiba commented Mar 8, 2012

Looks like protected attributes really aren't easy to set up. Even github got hit.

mseymour commented Mar 9, 2012

This is awesome.

@Braunson

Wow..

tkaw220 commented Mar 30, 2012

Great one.

benatkin commented Mar 30, 2012

Glad to see that the date is still intact. Way to be a good sport GitHub!

mhr commented Apr 7, 2012

hahahaha

pmq20 commented Jun 24, 2012

love it

@benatkin

❤️

nishanthan144 commented Jan 10, 2013

good example to be aware of attr_accessible

guilhermesimoes commented Mar 4, 2013

A year after this exploit (or is it a 1000 thousand years before? 😄 ) I still find this interesting and important. May it serve as a warning and a lesson to all developers.

Congratulations on your great year @homakov!

benatkin commented Mar 4, 2013

is github still on rails 2? or have they upgraded to rails 3?

Contributor

aditya-kapoor commented Jun 3, 2013

Nyccc....:)

Contributor

homakov commented Jun 3, 2013

Title for sale, bros! It's gonna be there for next 999 years...

Contributor

killthekitten commented Jun 20, 2013

OK, let's start placing bids. Mine will be $0.99/month

briandiaz commented Oct 1, 2013

Jajajajaja

remoharsono commented Nov 9, 2013

respect. another great year @homakov

Xethron commented Jun 19, 2014

Seems like the date got fixed.....

@rails rails locked and limited conversation to collaborators Jun 19, 2014
