Lucene search
K

Ruby Gem Webbynode 1.0.5.3 Command Injection

🗓️ 13 Dec 2013 00:00:00Reported by Larry W. CashdollarType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 38 Views

Command Injection in Ruby Gem Webbynode 1.0.5.3, Date 11/11/2014, by Larry W. Cashdolla

Code
`Command injection in Ruby Gem Webbynode 1.0.5.3  
  
Date: 11/11/2014   
  
Author: Larry W. Cashdollar, @_larry0  
  
Download: http://rubygems.org/gems/webbynode   
  
Vulnerability Description:   
The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied input before passing it to the shell via %x.  
  
Messages via the growlnotify command line can possibly be used to execute shell commands if the message contains shell meta characters.  
  
def self.message(message)  
if self.installed? and !$testing  
message = message.gsub(/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]/, "")  
%x(growlnotify -t "#{TITLE}" -m "#{message}" --image "#{IMAGE_PATH}")  
end  
end  
  
The message.gsub regex strips ANSI encoded characters from the #{message} variable, it doesn't strip characters like ;&| etc. If the attacker can control the contents of #{message}, #{TITLE} or #{IMAGE_PATH} they can possibly inject shell commands and execute them as the client user.  
  
  
Vendor: Notified 11/11/2013  
  
I also submitted a pull request   
  
Advisory: http://www.vapid.dhs.org/advisories/webbynode-command-inj.html  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation