Command injection vulnerability


Larry Cashdollar

Nov 11, 2013, 4:42:19 PM
to project...@googlegroups.com
From: sprout-0.7.246/lib/sprout/archive_unpacker.rb
          zip_name = File.basename(zip_file)
          output = File.expand_path(dir)
          # puts ">> zip_dir: #{zip_dir} zip_name: #{zip_name} output: #{output}"
          %x(cd #{zip_dir};unzip #{zip_name} -d #{output})
      else
        retries = 0
        begin


If #{zip_dir}, #{zip_name} or #{output} can be controlled by the user, you can specify a file name containing shell metacharacters that can possibly execute system commands.

For example: filename;id;.zip


Luke Bayes

Nov 13, 2013, 10:57:26 AM
to Sprouts

Thanks for the pointer, can you think of a way to mitigate without losing the feature?

Pull requests are always welcomed.

Luke

--
You received this message because you are subscribed to the Google Groups "ProjectSprouts" group.
For other info you can visit our project at: http://projectsprouts.org, or on Github at: http://github.com/lukebayes/project-sprouts

Duncan Beevers

Nov 14, 2013, 11:48:01 AM
to Project Sprout
I think the `cocaine` gem is kind of the go-to tool for this kind of thing.

A small library for doing (command) lines.

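The mitigation Luke asks about, as an added example that is not from this thread or from the sprout project: the quoted %x string next to a shell-free replacement built on Ruby's standard Open3 and Shellwords rather than the cocaine gem Duncan mentions. The function names and the sample archive name are made up for illustration.

```ruby
require 'open3'
require 'shellwords'

# Same shape as the quoted archive_unpacker.rb line: one string handed to
# /bin/sh, so every interpolated value is parsed for metacharacters and
# "filename;id;.zip" becomes three commands.
def unsafe_unzip_command(zip_dir, zip_name, output)
  "cd #{zip_dir};unzip #{zip_name} -d #{output}"
end

# Hardened replacement: build an argv array instead of a shell string. The
# archive name is one argument whatever it contains. It is also checked so it
# cannot carry a path or be read by unzip as an option.
def unzip_argv(zip_name, output)
  raise ArgumentError, "archive name must not contain a path" if zip_name != File.basename(zip_name)
  raise ArgumentError, "archive name must not look like an option" if zip_name.start_with?("-")
  raise ArgumentError, "archive name must not contain NUL" if zip_name.include?("\0")
  ["unzip", zip_name, "-d", File.expand_path(output)]
end

# Runs unzip directly (no shell); chdir: replaces the `cd` in the original.
def safe_unzip(zip_dir, zip_name, output)
  argv = unzip_argv(zip_name, output)
  out, status = Open3.capture2e(*argv, chdir: zip_dir)
  raise "unzip failed (#{status.exitstatus}): #{out}" unless status.success?
  out
end

# If a shell really is needed (pipes, redirects), quote every value with
# Shellwords so that metacharacters stay literal.
def escaped_unzip_command(zip_dir, zip_name, output)
  "cd #{Shellwords.escape(zip_dir)} && unzip #{Shellwords.escape(zip_name)} " \
    "-d #{Shellwords.escape(File.expand_path(output))}"
end

if __FILE__ == $0
  hostile = "filename;id;.zip" # constructed sample name from the report
  puts unsafe_unzip_command("/tmp", hostile, "/out") # `id` would run here
  p unzip_argv(hostile, "/out")                      # one inert argument
  puts escaped_unzip_command("/tmp", hostile, "/out")
end
```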