Title: Vulnerability Report for Ruby Gem lean-ruport-0.3.8

Author: Larry W. Cashdollar, @_larry0<br><br>Date: 06/01/2014

Download: http://rubygems.org/gems/lean-ruport

Gem Author:  james@yob.id.au

From: ./lean-ruport-0.3.8/test/tc_database.rb

Line 21 exposes the mysql password to the process table, if this Gem is used in the context of a rails application it might be possible to inject commands via the #{ user } and #{ password } variables if those are supplied by the user as they are not sanitized before being passed to the shell.

018-		tmp_sql = /tmp/compare.sql
19-		md_command =
20-			"mysqldump -u#{ user } -p#{ password } --databases stonecodeblog"
21:		`#{ md_command } > #{ tmp_sql }`
22:		diff = `diff #{ orig_sql } #{ tmp_sql }`
23-		assert( diff == , diff[0..500] ) 
24-	end
25-end