`Command injection in Ruby Gem Webbynode 1.0.5.3
Date: 11/11/2014
Author: Larry W. Cashdollar, @_larry0
Download: http://rubygems.org/gems/webbynode
Vulnerability Description:
The following code located in: ./webbynode-1.0.5.3/lib/webbynode/notify.rb doesn't fully sanitize user supplied input before passing it to the shell via %x.
Messages via the growlnotify command line can possibly be used to execute shell commands if the message contains shell meta characters.
def self.message(message)
if self.installed? and !$testing
message = message.gsub(/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]/, "")
%x(growlnotify -t "#{TITLE}" -m "#{message}" --image "#{IMAGE_PATH}")
end
end
The message.gsub regex strips ANSI encoded characters from the #{message} variable, it doesn't strip characters like ;&| etc. If the attacker can control the contents of #{message}, #{TITLE} or #{IMAGE_PATH} they can possibly inject shell commands and execute them as the client user.
Vendor: Notified 11/11/2013
I also submitted a pull request
Advisory: http://www.vapid.dhs.org/advisories/webbynode-command-inj.html
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation