Title: Vulnerability Report for Ruby Gem lean-ruport-0.3.8
Author: Larry W. Cashdollar, @_larry0
Date: 06/01/2014
Download: http://rubygems.org/gems/lean-ruport
Gem Author: james@yob.id.au
From: ./lean-ruport-0.3.8/test/tc_database.rb
Line 21 exposes the MySQL password to the process table: it is passed as -p#{ password } on the mysqldump command line, so any local user can read it with ps while the dump runs. If this Gem is used in the context of a Rails application, it might also be possible to inject commands via the #{ user } and #{ password } variables, because they are interpolated into a backtick command string and handed to the shell without any sanitization or escaping (the same applies to #{ orig_sql } and #{ tmp_sql } on line 22 if those values are ever supplied by a user).
018- tmp_sql = "/tmp/compare.sql"
019- md_command =
020-   "mysqldump -u#{ user } -p#{ password } --databases stonecodeblog"
021: `#{ md_command } > #{ tmp_sql }`
022: diff = `diff #{ orig_sql } #{ tmp_sql }`
023- assert( diff == "", diff[0..500] )
024- end
025-end
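The following is an added example written for this report; it is not code from the lean-ruport Gem. It puts the vulnerable pattern from tc_database.rb (string interpolation into a backtick command) next to a hardened form that avoids the shell entirely by passing an argv array to Open3 and moves the password out of the command line into the MYSQL_PWD environment variable, which mysqldump reads. The function names, the payload string and the database name are assumptions chosen for illustration; the hardened form is demonstrated with the running Ruby interpreter instead of mysqldump so that it can be executed without a database.

```ruby
require "open3"
require "rbconfig"

# Vulnerable pattern (as in tc_database.rb line 20): every value is
# interpolated into one string that the shell later re-parses. Returned
# here instead of executed so the effect of an untrusted value is visible.
def unsafe_dump_command(user, password, db)
  "mysqldump -u#{user} -p#{password} --databases #{db}"
end

# Hardened form, part 1: build an argv array. Process.spawn/Open3 run it
# without a shell, so ";", "|", "$(...)" etc. in user stay one literal argument.
def safe_dump_argv(user, db)
  ["mysqldump", "-u", user, "--databases", db]
end

# Hardened form, part 2: hand the password to mysqldump via MYSQL_PWD so it
# never appears in the argument list that ps / /proc/<pid>/cmdline expose.
# (A --defaults-extra-file with mode 0600 is the other common option.)
def safe_dump_env(password)
  { "MYSQL_PWD" => password }
end

# Run an argv array with an env hash and capture stdout to a file path
# given by Ruby, not by shell redirection. Stub db name is an assumption.
def run_dump(user, password, db, tmp_sql)
  out, status = Open3.capture2(safe_dump_env(password), *safe_dump_argv(user, db))
  File.write(tmp_sql, out) if status.success?
  status.success?
end

# Demonstrates that argv-style spawning passes metacharacters literally:
# a child Ruby prints its first argument unchanged. Uses the interpreter
# that is running this script so the demo works offline (assumption).
def literal_argv_demo(value)
  out, _status = Open3.capture2({}, RbConfig.ruby, "-e", "print ARGV[0]", value)
  out
end

if $PROGRAM_NAME == __FILE__
  payload = "bob; touch /tmp/pwned #"      # constructed attacker-controlled "user"
  puts "shell would see: #{unsafe_dump_command(payload, 's3cret', 'stonecodeblog')}"
  puts "argv form      : #{safe_dump_argv(payload, 'stonecodeblog').inspect}"
  puts "child received : #{literal_argv_demo(payload).inspect}"
end
```

In the vulnerable string the semicolon ends the mysqldump command and the shell runs touch as a second command; in the argv form the entire payload reaches mysqldump as the single value of -u, where it is at worst an unknown user. MYSQL_PWD is still readable from /proc/<pid>/environ by the same user, so it hides the secret from ps but not from an attacker already running as that account; a 0600 defaults file is the stronger choice for unattended jobs.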