Title: Vulnerability Report for Ruby Gem kcapifony-2.1.6
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
Download: http://rubygems.org/gems/kcapifony
Gem Author: roderik.van.der.veer@kunstmaan.be
From: ./kcapifony-2.1.6/lib/ksymfony1.rb
Lines 482, 484, 522 and 524 expose the password to the process table via the #{config['pass']} variable. If this Gem is used in the context of a rails application it maybe possible to inject commands remotely by supplying special shell meta characters like ; and & via #{config['user']} and #{config['pass']}.
0479- FileUtils::mkdir_p("backups")
480- case config[type]
481- when mysql
482: `mysqldump -u#{config[user]} --password=\"#{config[pass]}\" #{config[db]} > #{tmpfile}`
483- when pgsql
484: `pg_dump -U #{config[user]} --password=\"#{config[pass]}\" #{config[db]} > #{tmpfile}`
485- end
486- File.open(tmpfile, "r+") do |f|
--
519-
520- case config[type]
521- when mysql
522: `mysql -u#{config[user]} --password=\"#{config[pass]}\" #{config[db]} < backups/#{sqlfile}`
523- when pgsql
524: `psql -U #{config[user]} --password=\"#{config[pass]}\" #{config[db]} < backups/#{sqlfile}`
525- end
526- FileUtils.rm("backups/#{sqlfile}")
527- end