Tuesday, 3 December 2013

Heroku Directory Transversal

Long back I spotted a Directory Traversal bug in Heroku.

"Heroku is a cloud platform is a cloud application platform – a new way of building and deploying web apps. Heroku was acquired by Salesforce.com in 2010."



They were quite quick and fixed it without delays


Later they even started their hall of fame page and included my name there :)
https://www.heroku.com/policy/security-hall-of-fame





2 comments:

Felicia Fedrick said...

Hi Shashank,I Love Heroku Directory TransversalThe combined use of these two useful features had a surprising security implication. The Rails core team decided to exclude sub-directory views from implicit rendering. This means moving the responsibility to the application developer

https:supremeten.com said...

Really it is a great post. Thanks for your valuable ideas about this post.