[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Remote command execution in Ruby Gem Command Wrap

To: full <full-disclosure@xxxxxxxxxxxxxxxxx>, Packet Storm <packet@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Remote command execution in Ruby Gem Command Wrap
From: larry Cashdollar <larry0@xxxxxx>
Date: Mon, 18 Mar 2013 18:56:42 -0400

Remote command execution in Ruby Gem Command Wrap

3/15/2013
http://rubygems.org/gems/command_wrap

Commands executed if the remote URL or filename contains the shell character 
';'. The commands will be executed as the client user if tricked into using the 
malicious URL or filename.

Examining the following lines:

command_wrap.rb-7- def self.capture (url, target)

command_wrap.rb-8- command = 
CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/CutyCapt 
--min-width=1024 --min-height=768 --url={url} --out={target}") 
command_wrap.rb:9: `#{command}`
command_wrap.rb-10- end
command_wrap.rb-11-
--
command_wrap.rb-72- command = 
CommandWrap::Config::Xvfb.command(File.dirname(__FILE__) + "/../bin/wkhtmltopdf 
--quiet --print-media-type #{source} #{params} #{target}") command_wrap.rb-73-
command_wrap.rb:74: `#{command}`

Untrusted data is passed to the command line.

Larry W. Cashdollar
@_larry0
http://vapid.dhs.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] [CVE-2013-2294] Multiple Cross Site Scripting (XSS) vulnerabilities in ViewGit
Next by Date: [Full-disclosure] [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1
Previous by thread: [Full-disclosure] [CVE-2013-2294] Multiple Cross Site Scripting (XSS) vulnerabilities in ViewGit
Next by thread: [Full-disclosure] [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1
Index(es):
- Date
- Thread