[Full-disclosure] Ruby gem fastreader-1.0.8 remote code exec
- To: full <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Ruby gem fastreader-1.0.8 remote code exec
- From: "Larry W. Cashdollar" <larry0@xxxxxx>
- Date: Tue, 12 Mar 2013 23:05:00 +0000 (GMT)
<html><body><div><h2>Ruby gem fastreader-1.0.8 remote code exec
</h2>3/6/2013<hr>
<p>https://rubygems.org/gems/fastreader</p>
<p>If the URL contains any ; characters, code will be executed as the user when a web browser
is launched.
</p>
<p>For example, if fastreader is fed <a
href="http://www.g;id;.com">http://www.g;id;.com</a>, id will be executed.
</p>
<p>./fastreader-1.0.8/lib/entry_controller.rb
</p>
<p>.strip only removes whitespace before and after the URL.
</p>
<pre># entry_controller.rb, lines 115-117: open web browser
# the stripped URL is interpolated into a shell command string and run with backticks
command = (ENV['FASTREADER_WEB'] || "open") + " #{@current_entry.url.strip}"
`#{command}`
</pre>
<p>Larry W. Cashdollar<br>
@_larry0<br>
<a href="http://vapid.dhs.org">http://vapid.dhs.org</a></p></div></body></html>
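Added example (not the gem's code and not from the post above): the fastreader-1.0.8 pattern, which interpolates the URL into a shell string, shown beside two safer ways to hand a URL to a browser opener. The opener name is a parameter here rather than read from ENV, and the URL checks are assumptions about what a feed reader should accept, not something the gem does.

```ruby
require 'uri'
require 'shellwords'

# Vulnerable: the URL becomes part of a shell command line, so a ';' in it
# ends the opener's arguments and starts a second command. This function
# only builds the string the gem would run; it never executes it.
def vulnerable_command(url, opener: 'open')
  opener + " #{url.strip}"
end

# Mitigation 1: if a shell is unavoidable, escape the argument. Shellwords
# turns "http://www.g;id;.com" into "http://www.g\;id\;.com".
def shell_escaped_command(url, opener: 'open')
  "#{opener} #{Shellwords.escape(url.strip)}"
end

# Mitigation 2 (preferred): parse and validate the URL, then build an argv
# array for system()/Process.spawn so no shell ever sees the string.
# Note: URI.parse alone is not enough; RFC 3986 allows ';' in a reg-name
# host, so the hostname is also checked against a strict character allowlist.
def safe_open_argv(url, opener: 'open')
  uri = URI.parse(url.strip)
  raise ArgumentError, 'unsupported scheme' unless %w[http https].include?(uri.scheme)
  host = uri.host.to_s
  raise ArgumentError, 'bad host' unless host.match?(/\A[A-Za-z0-9.-]+\z/)
  [opener, uri.to_s]
rescue URI::InvalidURIError => e
  raise ArgumentError, "invalid url: #{e.message}"
end

# Launch with the argv form: each element is passed straight to execve,
# so shell metacharacters in the URL are never interpreted.
def open_in_browser(url, opener: 'open')
  system(*safe_open_argv(url, opener: opener))
end
```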
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/