positive.security/blog/ransack-data-exfiltration
Preview meta tags from the positive.security website.
Linked Hostnames (3)
Search Engine Appearance
Ransacking your password reset tokens | Positive Security
We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.
General Meta Tags (7)
- title: Ransacking your password reset tokens | Positive Security
- charset: utf-8
- description: We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.
- twitter:title: Ransacking your password reset tokens | Positive Security
- twitter:description: We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.
Open Graph Meta Tags (4)
- og:title: Ransacking your password reset tokens | Positive Security
- og:description: We demonstrate how the popular "Ransack" library (Ruby on Rails) can be abused to exfiltrate sensitive data via character by character brute-force, allowing for a full application compromise in some cases. An internet wide search identifies several hundred potentially vulnerable applications.
- og:image: https://cdn.prod.website-files.com/5f6498c074436c349716e747/63ceda8f7b5b98d68365bdee_ransack_bruteforce_overview.png
- og:type: website
Twitter Meta Tags (1)
- twitter:card: summary_large_image
Link Tags (7)
- alternate: rss.xml
- apple-touch-icon: https://cdn.prod.website-files.com/5f6498c074436c50c016e745/5f7dd71edeeceb5d47162386_256_256.png
- preconnect: https://fonts.googleapis.com
- preconnect: https://fonts.gstatic.com
- shortcut icon: https://cdn.prod.website-files.com/5f6498c074436c50c016e745/5f7ddb13deeceb266b162f8d_favicon-32x32_white.png
Emails (1)
Links (9)
- https://github.com/activerecord-hackery/ransack/commit/4d234c89ca69f6aa7b5a992a4e69e3f658302362
- https://github.com/activerecord-hackery/ransack/issues/1273#issuecomment-1298273454
- https://positive.security
- https://positive.security/about
- https://positive.security/blog