Ruby Deserialization Exploitation – New Gadget Chain for Ruby on Rails

Contribute to httpvoid/writeups development by creating an account on GitHub.

Similar

Why is Ruby on Rails’ default_scope bad?

A pretty popular opinion in the Ruby on Rails community is that default_scopes should not be used for any reason. However, often it's not fully explained why default_scopes are harmful to applications. Default Scopes are harmful because they are unexpecte...
