Ruby on Rails vulnerable to mass assignment and SQL injection | Dark Hacker News