Ruby on Rails Information Leaks



Information leaks

Is the target application a Rails application?

  • Default setup for static files:
    • /javascripts/application.js
    • /stylesheets/application.css
    • /images/foo.png
  • Pretty URLs
    • /project/show/12
    • /message/create
    • /folder/delete/43
    • /users/83
  • Rails provides default templates for 404 and 500 status pages
  • Different Rails versions use different default pages
  • 422.html is only present in applications generated with Rails 2.0

Sample Status Pages

[Figure: sample status page]

Server Header

[Figure: server header]

Subversion metadata

  • Typically Rails applications are deployed with Capistrano / Webistrano
  • This will push .svn directories to the servers
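
A check for the leaks listed on this page, run against your own release directory (added example, not code from the original page). `audit_release`, `build_sample_release` and the sample tree are hypothetical, and the check assumes `public/` is the web root.

```ruby
require "find"
require "fileutils"
require "tmpdir"

# Files this page names as Rails defaults, relative to public/.
DEFAULT_ASSETS = %w[javascripts/application.js stylesheets/application.css].freeze
STATUS_PAGES   = %w[404.html 422.html 500.html].freeze

# Hypothetical helper (not a Rails or Capistrano API): inspect a release
# directory and report what it would reveal to a visitor.
def audit_release(root)
  root = File.expand_path(root)
  public_dir = File.join(root, "public")
  svn_dirs = []
  Find.find(root) do |path|
    next unless File.directory?(path) && File.basename(path) == ".svn"
    svn_dirs << path.delete_prefix("#{root}/")
    Find.prune # no need to walk the metadata itself
  end
  svn_dirs.sort!
  {
    svn_dirs: svn_dirs,
    # Assumption: only public/ is served, so these are directly fetchable.
    web_reachable_svn: svn_dirs.select { |d| d.start_with?("public/") },
    status_pages: STATUS_PAGES.select { |f| File.file?(File.join(public_dir, f)) },
    default_assets: DEFAULT_ASSETS.select { |f| File.file?(File.join(public_dir, f)) }
  }
end

# Constructed sample tree standing in for a deployed release.
def build_sample_release(root)
  %w[public/.svn public/javascripts/.svn public/stylesheets app/models/.svn].each do |d|
    FileUtils.mkdir_p(File.join(root, d))
  end
  %w[public/404.html public/500.html public/javascripts/application.js].each do |f|
    File.write(File.join(root, f), "constructed sample\n")
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample_release(dir)
    audit_release(dir).each { |key, found| puts "#{key}: #{found.inspect}" }
  end
end
```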
