In March 2012, GitHub experienced a severe security breach that shook the developer community. A security researcher, Egor Homakov, discovered he could gain administrative access to any repository on GitHub, including the Ruby on Rails project itself. The vulnerability was deceptively simple yet devastating in its impact. GitHub's mass assignment vulnerability allowed attackers to modify any property of an object by simply adding extra parameters to API requests

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Broken Object Property Level Authorization

  • Roman Canlas

摘要

In March 2012, GitHub experienced a severe security breach that shook the developer community. A security researcher, Egor Homakov, discovered he could gain administrative access to any repository on GitHub, including the Ruby on Rails project itself. The vulnerability was deceptively simple yet devastating in its impact. GitHub's mass assignment vulnerability allowed attackers to modify any property of an object by simply adding extra parameters to API requests