Ruby on Rails Information Leaks
Information leaks
Is the target application a Rails application?
- Default setup for static files:
  - /javascripts/application.js
  - /stylesheets/application.css
  - /images/foo.png
- Pretty URLs
  - /project/show/12
  - /message/create
  - /folder/delete/43
  - /users/83
- Rails provides default templates for 404 and 500 status pages
  - Different Rails versions use different default pages
  - 422.html only present in applications generated with Rails 2.0
Sample Status Pages
[Figure: sample status page]
Server Header
[Figure: server header]
Subversion metadata
- Typically, Rails applications are deployed with Capistrano / Webistrano
  - This will push .svn directories to the servers
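A deploy-time check for the leaks listed above, as an added example that is not code from the original page: it walks a release directory on your own server and reports Subversion metadata, default status pages and default static files. The function names `audit_release` and `build_sample_release` are hypothetical, and it assumes `public/` is the web server's document root.

```ruby
require "find"
require "fileutils"
require "tmpdir"

# Paths the page names as Rails giveaways (relative to public/).
DEFAULT_ASSETS = %w[javascripts/application.js stylesheets/application.css].freeze
STATUS_PAGES   = %w[404.html 500.html 422.html].freeze

# Audit one deployed release directory; returns sorted [kind, relative_path] pairs.
def audit_release(root)
  root = File.expand_path(root)
  findings = []
  Find.find(root) do |path|
    next unless File.directory?(path) && File.basename(path) == ".svn"
    rel = path.delete_prefix("#{root}/")
    # Metadata under public/ sits inside the document root (assumption: public/ is served).
    findings << [rel.start_with?("public/") ? :svn_in_docroot : :svn_on_server, rel]
    Find.prune # do not descend into the metadata directory itself
  end
  (DEFAULT_ASSETS + STATUS_PAGES).each do |rel|
    next unless File.file?(File.join(root, "public", rel))
    kind = STATUS_PAGES.include?(rel) ? :status_page : :default_asset
    findings << [kind, "public/#{rel}"]
  end
  findings.sort_by { |kind, rel| [kind.to_s, rel] }
end

# Constructed sample tree (not taken from the page) so the audit runs offline.
def build_sample_release(root)
  %w[.svn app/.svn public/.svn public/javascripts/.svn public/stylesheets].each do |dir|
    FileUtils.mkdir_p(File.join(root, dir))
  end
  %w[404.html 422.html javascripts/application.js].each do |file|
    File.write(File.join(root, "public", file), "placeholder")
  end
  root
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    audit_release(build_sample_release(dir)).each { |kind, rel| puts "#{kind}\t#{rel}" }
  end
end
```

Any `svn_in_docroot` finding should fail the deploy; `status_page` and `default_asset` findings mark files to replace or rename if you do not want the framework to be recognisable.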