Platform
ruby
Component
activerecord
Fixed in
3.0.18
CVE-2012-6496 is a SQL injection vulnerability discovered in the Active Record component of Ruby on Rails. This flaw allows attackers to potentially execute arbitrary SQL commands, leading to data breaches and system compromise. The vulnerability affects versions of Ruby on Rails prior to 3.0.18, 3.1.9, and 3.2.10. A fix has been released in the specified versions.
The primary impact of CVE-2012-6496 is the ability for a remote attacker to inject malicious SQL code into database queries. This can lead to unauthorized access to sensitive data, including user credentials, financial information, and application configuration details. Successful exploitation could also allow an attacker to modify or delete data, potentially disrupting application functionality and causing significant data loss. The vulnerability stems from incorrect handling of data types within dynamic finders, allowing unexpected input to be interpreted as SQL code. While no widespread exploitation has been publicly documented, the potential for severe data compromise makes this a critical vulnerability to address.
CVE-2012-6496 was publicly disclosed in 2017, though the underlying vulnerability was originally reported earlier. It is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are available, demonstrating the feasibility of exploiting this vulnerability. While no active campaigns targeting this specific CVE have been widely reported, the availability of PoCs increases the risk of opportunistic exploitation.
Applications using older, unpatched versions of Ruby on Rails (prior to 3.0.18, 3.1.9, or 3.2.10) are at risk. This includes legacy applications, applications running on shared hosting environments where updates are not managed by the application owner, and applications that rely on custom ActiveRecord implementations without proper input validation.
• ruby/server: Examine application logs for unusual SQL query patterns or error messages related to database interactions. Use tools like journalctl to filter for SQL errors and suspicious activity.
• generic web: Use curl or wget to test vulnerable endpoints with crafted SQL injection payloads. Monitor response headers for signs of SQL injection success (e.g., error messages revealing database structure).
• database (mysql, postgresql): If direct database access is available, run queries to check for unauthorized data modifications or suspicious entries that might indicate exploitation.
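The log check in the first bullet can be made concrete. The following is an added example, not part of this page or of Rails: it scans Rails request log lines for the symptom the advisory describes, a request parameter that the application only ever expects as a scalar but that arrives as a nested Hash or Array. It assumes Rails 3 style `Parameters: {"id"=>"42"}` log lines (Ruby `Hash#inspect` form); the log lines and the watched parameter names are constructed for illustration, so adapt `WATCHED_PARAMS` to the `find_by_*` calls your own code makes.

```ruby
# Added example (not Rails code): flag request parameters logged as a nested
# Hash or Array where a scalar (String) was expected.

# Parameters the application only passes to single-value dynamic finders.
# Assumption: adjust to the find_by_id / find_by_login calls in your code.
WATCHED_PARAMS = %w[id login persistence_token].freeze

# Constructed sample of Rails 3 style request log lines. Only the second
# request carries a watched parameter as a Hash ("login"=>{...}); the third
# request's nested "login" lives inside the "user" form hash and is normal.
SAMPLE_LOG = [
  'Started GET "/users/42" for 203.0.113.5 at 2013-01-03 10:00:00 +0000',
  '  Parameters: {"id"=>"42"}',
  'Started GET "/session" for 203.0.113.5 at 2013-01-03 10:00:01 +0000',
  '  Parameters: {"utf8"=>"✓", "login"=>{"select"=>"1"}}',
  'Started POST "/users" for 203.0.113.5 at 2013-01-03 10:00:02 +0000',
  '  Parameters: {"user"=>{"login"=>"alice", "email"=>"a@example.com"}}'
].freeze

# Returns [[line_index, param_name], ...] for every Parameters line in which a
# watched parameter's logged value opens with "{" or "[" instead of a quote,
# i.e. it was parsed as a Hash or Array rather than a String.
def nested_param_hits(lines, watched = WATCHED_PARAMS)
  names   = Regexp.union(watched).source          # id|login|persistence_token
  pattern = /"(#{names})"=>[\[{]/
  lines.each_with_index.filter_map do |line, idx|
    next unless line.include?('Parameters:')
    m = pattern.match(line)
    [idx, m[1]] if m
  end
end

if $PROGRAM_NAME == __FILE__
  nested_param_hits(SAMPLE_LOG).each do |idx, name|
    puts "line #{idx}: parameter #{name.inspect} arrived as a nested structure"
  end
end
```

This is a heuristic: a watched name that legitimately appears inside a nested form hash with a scalar value is not flagged, but a watched name nested one level deeper with a Hash value is, so review hits rather than alerting on them blindly.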
EPSS
1.02% (77th percentile)
The primary mitigation for CVE-2012-6496 is to upgrade to a patched version of Ruby on Rails (3.0.18, 3.1.9, or 3.2.10). If upgrading is not immediately feasible, consider implementing input validation and sanitization on user-supplied data used in database queries. Web application firewalls (WAFs) configured to detect and block SQL injection attempts can provide an additional layer of defense. Review application code for any instances of dynamic finders that might be vulnerable to this type of attack. After upgrading, confirm the fix by attempting a crafted SQL injection payload through the application's vulnerable endpoints and verifying that it is properly blocked.
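The review of dynamic finders recommended above is easier with a concrete picture of the failure mode. The following is an added example, not ActiveRecord's own code: `toy_find_by_login` is a deliberately simplified stand-in for a `find_by_<attr>` dynamic finder that pops a trailing Hash off its argument list as finder options, which is the argument handling the advisory describes as letting a method parameter be treated as a scope. A request parameter that arrives as a Hash instead of a String therefore never reaches the `WHERE` clause and instead steers the query. `scalar_param!` is the hardening pattern: only scalar values are allowed to reach the finder. All names here are assumptions for illustration.

```ruby
# Added example (not Rails code). Simplified model of a dynamic finder whose
# trailing Hash argument is taken as finder options, beside a guard that
# rejects non-scalar request values before they reach the finder.

def sql_quote(value)
  value.nil? ? 'NULL' : "'#{value.to_s.gsub("'", "''")}'"
end

# Assumption: the real finder's option extraction is reduced to one line.
# A Hash passed where the login value was expected lands in `options`,
# and its :select entry is spliced into the statement.
def toy_find_by_login(*args)
  options = args.last.is_a?(Hash) ? args.pop : {}
  value   = args.first                       # nil when the only arg was a Hash
  columns = options.fetch(:select, '*')
  "SELECT #{columns} FROM users WHERE login = #{sql_quote(value)} LIMIT 1"
end

class UnexpectedParamType < ArgumentError; end

# Guard for values bound to a single-column finder: Strings, Integers and nil
# pass; Hashes and Arrays (what a crafted request can produce) are rejected
# instead of being reinterpreted as finder options.
def scalar_param!(name, value)
  return value if value.nil? || value.is_a?(String) || value.is_a?(Integer)
  raise UnexpectedParamType, "param #{name} must be a scalar, got #{value.class}"
end

def safe_find_by_login(value)
  toy_find_by_login(scalar_param!(:login, value))
end

if $PROGRAM_NAME == __FILE__
  puts toy_find_by_login('alice')            # value used as intended
  puts toy_find_by_login({ select: '1' })    # Hash silently becomes options
  begin
    safe_find_by_login({ select: '1' })
  rescue UnexpectedParamType => e
    puts "rejected: #{e.message}"
  end
end
```

The guard belongs at the controller boundary, before any `find_by_*` call that takes a request value; upgrading to the fixed versions remains the actual remediation, and the guard is the defence-in-depth layer for code that cannot be upgraded immediately.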
No official patch available. Look for alternatives or monitor for updates.
CVE-2012-6496 is a SQL injection vulnerability in the Active Record component of Ruby on Rails, allowing attackers to execute arbitrary SQL commands via crafted requests.
You are affected if you are using Ruby on Rails versions 3.0.x before 3.0.18, 3.1.x before 3.1.9, or 3.2.x before 3.2.10.
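Checking those ranges against a lockfile is mechanical. The following is an added example, not part of this page or of Rails: it reads the `activerecord (x.y.z)` spec line from a `Gemfile.lock` and reports whether the pinned version falls inside one of the three affected series stated above. The lockfile text is constructed for illustration; versions outside the 3.0, 3.1 and 3.2 series are reported as not classified by this check rather than as safe.

```ruby
# Added example (not Rails code): classify the activerecord version pinned in a
# Gemfile.lock against the affected ranges 3.0.x < 3.0.18, 3.1.x < 3.1.9 and
# 3.2.x < 3.2.10.

require 'rubygems'   # Gem::Version (stdlib) for correct version comparison

# Fixed version per affected series, as stated on this page.
FIXED_VERSIONS = {
  '3.0' => Gem::Version.new('3.0.18'),
  '3.1' => Gem::Version.new('3.1.9'),
  '3.2' => Gem::Version.new('3.2.10')
}.freeze

# Constructed sample lockfile pinning activerecord 3.2.9 (an affected version).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.2.9)
        activesupport (= 3.2.9)
      activerecord (3.2.9)
        activemodel (= 3.2.9)
        activesupport (= 3.2.9)
        arel (~> 3.0.2)
      activesupport (3.2.9)

  PLATFORMS
    ruby

  DEPENDENCIES
    activerecord (~> 3.2.0)
LOCK

# Gem spec lines sit at exactly four spaces of indent in the GEM specs block;
# dependency lines are deeper and the DEPENDENCIES block is shallower, so the
# anchored regex only matches the resolved activerecord version.
def activerecord_version(lockfile_text)
  lockfile_text.each_line do |line|
    m = line.match(/^ {4}activerecord \(([^)\s]+)\)/)
    return m[1] if m
  end
  nil
end

# true when the version is in one of the three affected series and older than
# that series' fix; false for fixed versions, other series, or no version.
def affected?(version_string)
  return false if version_string.nil?
  version = Gem::Version.new(version_string)
  fixed   = FIXED_VERSIONS[version.segments[0, 2].join('.')]
  return false unless fixed
  version < fixed
end

def check_lockfile(lockfile_text)
  version = activerecord_version(lockfile_text)
  series  = version && version.split('.')[0, 2].join('.')
  {
    version: version,
    affected: affected?(version),
    fixed_in: FIXED_VERSIONS[series]&.to_s   # nil when the series is not classified
  }
end

if $PROGRAM_NAME == __FILE__
  text   = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  result = check_lockfile(text)
  puts "activerecord #{result[:version] || 'not found'}: " \
       "#{result[:affected] ? "AFFECTED, upgrade to #{result[:fixed_in]}" : 'not in an affected range'}"
end
```

Run it as `ruby check.rb path/to/Gemfile.lock`; with no argument it evaluates the constructed sample. Pre-release tags such as `3.2.10.rc1` sort below `3.2.10` under `Gem::Version`, which is the conservative answer.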
Upgrade to a patched version of Ruby on Rails: 3.0.18, 3.1.9, or 3.2.10. Implement input validation and consider using a WAF.
While no widespread campaigns are known, public proof-of-concept exploits exist, increasing the risk of opportunistic exploitation.
Refer to the Ruby on Rails security advisories for details: https://github.com/rails/rails/security/advisories