lang:

Ruby

regex:

render\s*(\(|\s)\s*params\s*\[(?!\s*:?['"]?(id|action|controller))

description:

Ruby on Rails arbitrary render parameter vulnerabilities.

Complete attacker control over parameters to "render" may result in remote code execution.

tags:

ruby on rails arbitrary render path
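
The rule's regex exercised on constructed controller lines, as an added example that is not part of the original rule entry. The regex is copied from the entry unchanged; `SAMPLE`, `flagged_lines` and `manual_review_lines` are hypothetical names introduced for illustration.

```ruby
# Added example: the rule's regex (copied verbatim from the entry above).
RENDER_PARAMS = /render\s*(\(|\s)\s*params\s*\[(?!\s*:?['"]?(id|action|controller))/

# Constructed sample source, not taken from a real application.
SAMPLE = <<~'RUBY'
  render params[:template]
  render(params["page"])
  render params[:id]
  render params[:identifier]
  render file: params[:path]
  render ALLOWED_PAGES.fetch(params[:page], "index")
RUBY

# Return [line_number, source_line] for every line the rule flags.
def flagged_lines(source)
  source.each_line.with_index(1).filter_map do |line, number|
    [number, line.strip] if line.match?(RENDER_PARAMS)
  end
end

# Return render calls that mention params but are NOT flagged by the rule,
# so a reviewer can check them by hand (exempted keys, keyword forms,
# or lookups through an allowlist).
def manual_review_lines(source)
  source.each_line.with_index(1).filter_map do |line, number|
    next if line.match?(RENDER_PARAMS)
    [number, line.strip] if line.include?("render") && line.include?("params")
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "flagged by rule:"
  flagged_lines(SAMPLE).each { |n, l| puts "  #{n}: #{l}" }
  puts "not flagged, review by hand:"
  manual_review_lines(SAMPLE).each { |n, l| puts "  #{n}: #{l}" }
end
```

The negative lookahead exempts any key that begins with `id`, `action` or `controller` (so `params[:identifier]` is skipped along with `params[:id]`), and the pattern only covers `params[...]` as the first argument, not keyword forms such as `render file: params[:path]`. The second list is therefore a useful companion to the rule's hits during code review.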