Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
Bobby table, this, buffer overflow… Are all similar in spirit.
Bobby table is a way for hiding the malicious SQL query after a normal query (in that case after the select with “Bobby” you inject the malicious drop table)
In this case after the normal email (that normally would serve for both identifying the user and for the mail to send the recovering mail), the attacker sends two mails, the first is fo identifying the user the second to send the recovering mail
In the case of buffer overflow you inject malicious code after normal(-ish) data
It’s not an XHR attack since for the mail recovery workflow you don’t need an authenticated session.
To be a bit more compassionate to the developers, this is probably some dynamic typing problem. Probably ruby is “smart” into understand that an array can contain strings after all… So an array of strings is as good as a string… But here we go into static vs dynamic typing… And it’s a bit of religious war (fun fact in 2011 i was advocating with Guido Van Rossum in having at least an optional static typing check in Python - at the time the discussion was how to make python faster/compiled - and he was borderline mocking me 😅 and few years after pytypes but still no compilation at horizon 😂)
My problem is that I am a hopeless generalist (which basically means I invariably find myself in support positions rather than what I actually should be doing), and IT is an endless jungle. I’m too curious for my own good.
Bobby table, this, buffer overflow… Are all similar in spirit.
Bobby table is a way for hiding the malicious SQL query after a normal query (in that case after the select with “Bobby” you inject the malicious drop table)
In this case after the normal email (that normally would serve for both identifying the user and for the mail to send the recovering mail), the attacker sends two mails, the first is fo identifying the user the second to send the recovering mail
In the case of buffer overflow you inject malicious code after normal(-ish) data
It’s not an XHR attack since for the mail recovery workflow you don’t need an authenticated session.
To be a bit more compassionate to the developers, this is probably some dynamic typing problem. Probably ruby is “smart” into understand that an array can contain strings after all… So an array of strings is as good as a string… But here we go into static vs dynamic typing… And it’s a bit of religious war (fun fact in 2011 i was advocating with Guido Van Rossum in having at least an optional static typing check in Python - at the time the discussion was how to make python faster/compiled - and he was borderline mocking me 😅 and few years after pytypes but still no compilation at horizon 😂)
Thanks for the explanation, my friend!
My problem is that I am a hopeless generalist (which basically means I invariably find myself in support positions rather than what I actually should be doing), and IT is an endless jungle. I’m too curious for my own good.