htmlLawed 1.2.5 - Remote Code Execution (RCE)

Exploit Title: htmlLawed 1.2.5 - Remote Code Execution RCE Date: 2024-04-24 Exploit Author: Miguel Redondo aka d4t4s3c Vendor Homepage: https://www.bioinformatics.org/phplabware/internalutilities/htmLawed Software Link: https://github.com/kesar/HTMLawed Version: -c \n" exit else banner echo -e "\...

Ruby: OS Command Injection via egrep in Rake::FileList

When a file which has command file name of stating with | is in Rake::FileList, then egrep will execute the command. How to reproduce PoC pocrake.rb is the following. ruby require 'rake' list = Rake::FileList.newDir.glob'' p list list.egrep/something/ Example of executing. % ls -1 Gemfile...