Ruby Snippet #05

This challenge covers the review of a snippet of code written in Ruby

Tier: PRO | Difficulty: Easy | Estimated time: < 1 Hr.

The Code Review Snippet challenges present a small piece of Ruby-on-Rails code and test your ability to spot the security issue in it. Start by examining the code on your own; if you cannot find the vulnerability, or want to understand it in more depth, a detailed video walks through the review.

In this challenge, the code takes a route parameter `motd` and uses it to open and read a file. The video covers two problems with that implementation. First, the parameter is not filtered at all, so a caller can supply traversal sequences such as `../` and read files outside the intended directory. Second, the file is opened with `open`, which in Ruby resolves to `Kernel#open`; `Kernel#open` treats a value that begins with `|` as a command to execute and returns its output, so an attacker who controls `motd` can run commands on the server rather than merely read files. The correct approach is to read with `File.open`, which has no pipe semantics, and to filter the parameter so that it cannot contain directory-traversal sequences or point at arbitrary files.
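The following is an added example, not the challenge's own snippet: it reproduces the pattern described above (an unfiltered `motd` value handed straight to `open`) next to a hardened version, and exercises both against constructed inputs in a temporary directory. The allowlist regex, the base-directory argument and the `demo` helper are assumptions made for the illustration.

```ruby
# Added example, not the challenge's code. Shows why Kernel#open on an
# unfiltered parameter is dangerous and one way to harden the file read.

require "tmpdir"

# Vulnerable: `open` here is Kernel#open. A value beginning with "|" is run
# as a shell command and its output is returned; "../" walks out of the
# intended directory. This mirrors the pattern the challenge describes.
def read_motd_vulnerable(motd)
  open(motd) { |f| f.read }
end

# Hardened (assumed policy): accept only a bare file name, resolve it under
# base, and confirm the result is still inside base before touching disk.
def safe_motd_path(motd, base)
  return nil unless motd.is_a?(String)
  # Allowlist: starts alphanumeric, then alphanumerics, dot, dash, underscore.
  # No "/" or leading "." means no traversal and no hidden files.
  return nil unless motd.match?(/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/)
  return nil if motd.include?("..")
  path = File.expand_path(motd, base)
  # Belt and braces: the resolved path must remain under the base directory.
  return nil unless path.start_with?(File.join(File.expand_path(base), ""))
  path
end

# File.open has no pipe semantics, so "|cmd" can only ever be a file name.
def read_motd(motd, base)
  path = safe_motd_path(motd, base)
  return nil if path.nil?
  File.open(path, "r") { |f| f.read }
rescue Errno::ENOENT
  nil
end

# Runs both versions against constructed inputs (a single "today" file in a
# temporary directory) and returns the observations as a hash.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "today"), "Hello, world\n")
    Dir.chdir(dir) do
      {
        vuln_rce:       read_motd_vulnerable("|echo pwned").strip,
        vuln_traversal: read_motd_vulnerable(File.join("..", File.basename(dir), "today")),
        safe_ok:        read_motd("today", dir),
        safe_pipe:      read_motd("|echo pwned", dir),
        safe_traversal: read_motd("../etc/passwd", dir),
        safe_slash:     read_motd("today/../today", dir),
        safe_missing:   read_motd("nope", dir),
      }
    end
  end
end
```

In `demo`, the vulnerable reader executes `echo pwned` and follows the `../` path, while the hardened reader returns the message for a plain name and `nil` for every malformed or missing input. In a Rails controller the same logic applies to `params[:motd]`: validate it against an allowlist, build the path with a fixed base directory, and read it with `File.open` rather than `open`.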
