Free, open, everyone-can-edit vulnerability database -- PwnWiki.com
heroku-CVE-2013-0333.rb
## The quick-and-nasty CVE-2013-0333 Heroku inspector!
## Originally brought to you by @elliottkember with changes by @markpundsack and @hone @ Heroku
## Download and run using:
## ruby heroku-CVE-2013-0333.rb
## The detached signature (heroku-CVE-2013-0333.rb.asc) covers the file as distributed; check it
## against your downloaded copy before running it:
## gpg --verify heroku-CVE-2013-0333.rb.asc heroku-CVE-2013-0333.rb
require 'rubygems'

# CVE-2013-0333 affects Rails 3.0.x before 3.0.20 and 2.3.x before 2.3.16, so the
# bounds below are inclusive: 3.0.19 and 2.3.15 are the last unpatched releases.
rails3_max = Gem::Version.new("3.0.19")
rails3_min = Gem::Version.new("3.0.0")
rails2_max = Gem::Version.new("2.3.15")
rails2_min = Gem::Version.new("2.3.0")
puts "Rails Versions Affected: >= #{rails3_min}, <= #{rails3_max}, >= #{rails2_min}, <= #{rails2_max}"

`heroku apps`.split("\n").each do |app|
  app = app.strip
  # Some "heroku apps" lines have === formatting for grouping. They're not apps.
  next if app[0..2] == "==="
  # Some have the owner's email appended after the app name.
  app = app.split(" ")[0].to_s.strip
  # Blank lines can be omitted.
  next if app == ""

  # `heroku run` prints a dyno banner first; the gem directory is the last line
  # and ends in "rails-<version>".
  rails_path = `heroku run bundle show rails --app #{app}`.split("\n")[-1].to_s
  rails_version_number = rails_path.split("rails-")[1]
  rails_version_number = rails_version_number.strip unless rails_version_number.nil?

  if rails_version_number.nil?
    puts "#{app}: no rails gem found in the bundle output, please check by hand"
    next
  end

  begin
    rails_version = Gem::Version.new(rails_version_number)
    if (rails_version >= rails3_min && rails_version <= rails3_max) ||
       (rails_version >= rails2_min && rails_version <= rails2_max)
      puts "Uh oh! #{app} has #{rails_version_number}."
    else
      puts "..."
    end
  rescue ArgumentError
    # Gem::Version rejects strings it cannot parse (e.g. a git ref); verify manually.
    puts "#{app} has Rails version: #{rails_version_number} installed, please verify it is correctly patched"
  end
end
heroku-CVE-2013-0333.rb.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQEcBAABAgAGBQJRByIGAAoJEN8hShkacUVqQqgH+QHPnVZD4m7B3jwIulW6S7ur
c78xaAVQLNWhIS8JVlZo2VI9iDu1OdbX4S2spEHD5pqD8GJxMMkrborKafPY8nvD
7gU++hH4/tWtRbNEhJVTY9Aa30bxIjjholfrc58+kK8yZWJCO+yMap8leEUsCJAC
NUNwr2HF7yZj3SQl5r0r+w5EBjfrkyGglH2lHLm6Kh16aYi25KwH5F0JXYnovbYR
jyI/61OKdQ6bUN0wfEM8mqlmKSXflqY8NhOqHyeKdEB97MSDnlOPvhelgvkfmBVl
IdgsABEGqe5YDnO8zv2ZeMlffXDd8a6WOLuZQQgl6LeVK16Ji6x6u3njWkWN2Jg=
=zuOr
-----END PGP SIGNATURE-----
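The inspector above shells out to the Heroku CLI, so its version check cannot be exercised without an account. The following is an added example, not part of the original script, that pulls the three things the inspector does into pure functions: parsing `heroku apps` output (group headers, blank lines, collaborator e-mail suffixes), pulling the version out of the `bundle show rails` gem directory, and the inclusive range test, so that the boundary cases can be asserted offline (3.0.19 and 2.3.15 are the last vulnerable releases, 3.0.20 and 2.3.16 carry the fix, and 3.1/3.2 are outside this CVE's range). The sample command output and app names are constructed, and the function names are the example's own.

```ruby
require 'rubygems'

# CVE-2013-0333 affects Rails 3.0.x before 3.0.20 and 2.3.x before 2.3.16,
# so the last vulnerable releases are 3.0.19 and 2.3.15 (bounds inclusive).
AFFECTED_RANGES = [
  [Gem::Version.new("3.0.0"), Gem::Version.new("3.0.19")],
  [Gem::Version.new("2.3.0"), Gem::Version.new("2.3.15")],
].freeze

# :affected, :ok, or :unparseable (Gem::Version raises ArgumentError on
# strings like a git ref; those apps need a manual look).
def cve_2013_0333_status(version_string)
  v = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |lo, hi| v >= lo && v <= hi } ? :affected : :ok
rescue ArgumentError
  :unparseable
end

# App names from `heroku apps` output: "=== ..." lines are group headers,
# blank lines are separators, and shared apps carry a collaborator e-mail
# after the name.
def app_names(heroku_apps_output)
  heroku_apps_output.lines.map(&:strip)
    .reject { |l| l.empty? || l.start_with?("===") }
    .map { |l| l.split(" ").first }
end

# `heroku run bundle show rails` prints a dyno banner first and the gem
# directory last; the version is the tail of that directory's "rails-<v>" name.
# Returns nil when no such path is present.
def rails_version_from_bundle_output(output)
  path = output.lines.map(&:strip).reject(&:empty?).last
  return nil if path.nil?
  m = File.basename(path).match(/\Arails-(.+)\z/)
  m && m[1]
end

# Join the pieces: one status symbol per app.
def inspect_apps(heroku_apps_output, bundle_outputs_by_app)
  app_names(heroku_apps_output).each_with_object({}) do |app, report|
    version = rails_version_from_bundle_output(bundle_outputs_by_app.fetch(app, ""))
    report[app] = version.nil? ? :no_rails_found : cve_2013_0333_status(version)
  end
end

# Constructed sample output (hypothetical app names, not a real account).
SAMPLE_HEROKU_APPS = <<~OUT
  === My Apps
  billing-api

  === Collaborated Apps
  legacy-shop  dev@example.com
OUT

SAMPLE_BUNDLE_SHOW = {
  "billing-api" => "Running `bundle show rails` attached to terminal... up, run.1\n" \
                   "/app/vendor/bundle/ruby/1.9.1/gems/rails-3.2.11\n",
  "legacy-shop" => "Running `bundle show rails` attached to terminal... up, run.2\n" \
                   "/app/vendor/bundle/ruby/1.9.1/gems/rails-3.0.19\n",
}.freeze

if __FILE__ == $0
  inspect_apps(SAMPLE_HEROKU_APPS, SAMPLE_BUNDLE_SHOW).each do |app, status|
    puts "#{app}: #{status}"
  end
end
```

To use it against a real account, replace the two constants with the captured output of `heroku apps` and of `heroku run bundle show rails --app <name>` for each app; keeping the range test inclusive is what distinguishes "still on the last unpatched release" from "patched".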
