Title: Vulnerability Report for Ruby Gem kcapifony-2.1.6

Author: Larry W. Cashdollar, @_larry0<br><br>Date: 06/01/2014

Download: http://rubygems.org/gems/kcapifony

Gem Author:  roderik.van.der.veer@kunstmaan.be

From: ./kcapifony-2.1.6/lib/ksymfony1.rb

Lines 482, 484, 522 and 524 expose the password to the process table via the #{config['pass']} variable.  If this Gem is used in the context of a rails application it maybe possible to inject commands remotely by supplying special shell meta characters like ; and & via #{config['user']} and #{config['pass']}.


0479-      FileUtils::mkdir_p("backups")
480-      case config[type]
481-      when mysql
482:        `mysqldump -u#{config[user]} --password=\"#{config[pass]}\" #{config[db]} > #{tmpfile}`
483-      when pgsql
484:        `pg_dump -U #{config[user]} --password=\"#{config[pass]}\" #{config[db]} > #{tmpfile}`
485-      end
486-      File.open(tmpfile, "r+") do |f|
--
519-      
520-      case config[type]
521-      when mysql
522:        `mysql -u#{config[user]} --password=\"#{config[pass]}\" #{config[db]} < backups/#{sqlfile}`
523-      when pgsql
524:        `psql -U #{config[user]} --password=\"#{config[pass]}\" #{config[db]} < backups/#{sqlfile}`
525-      end
526-      FileUtils.rm("backups/#{sqlfile}")
527-    end