Ruby Gem Command Wrap suffers from a remote code execution vulnerability.
28a0b4a6c633d5625d572416f7ec1b3eca1a2045358cc07c0078fd6cd2d57065Remote command execution in Ruby Gem Command Wrap
3/15/2013
http://rubygems.org/gems/command_wrap
Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename.
Examining the following lines:
command_wrap.rb-7- def self.capture (url, target)
command_wrap.rb-8- command = CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/CutyCapt --min-width=1024 --min-height=768 --url={url} --out={target}") command_wrap.rb:9: `#{command}`
command_wrap.rb-10- end
command_wrap.rb-11-
--
command_wrap.rb-72- command = CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/wkhtmltopdf --quiet --print-media-type #{source} #{params} #{target}") command_wrap.rb-73-
command_wrap.rb:74: `#{command}`
Untrusted data is passed to the command line.
Larry W. Cashdollar
@_larry0
http://vapid.dhs.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed