Title: Vulnerability Report for Ruby Gem kompanee-recipes-0.1.4 |
Author: Larry W. Cashdollar, @_larry0 |
Date: 2014-06-01 |
CVE-ID:[CVE-none] |
CWE: |
Download Site: http://rubygems.org/gems/kompanee-recipes |
Vendor: thekompanee.com |
Vendor Notified: 2014-06-25 |
Vendor Contact: accounts+rubygems@thekompanee.com |
Advisory: http://www.vapid.dhs.org/advisories/kompanee-recipes-0.1.4.html |
Description: These are the common recipes we've been using here at The Kompanee. Packaged as a gem. |
Vulnerability: From: ./kompanee-recipes-0.1.4/lib/kompanee-recipes/heroku.rb
If this Gem is used in the context of a Rails application it maybe possible for a remote user to inject commands into the shell via #{password} #{user} #{deploy_name} #{application} variables if that data is user supplied.
032- task :install do
33: `heroku domains:add #{deploy_name}`
34- end
35-
37- Removes the domain for the application from the Heroku server.
39- task :remove do
40: `heroku domains:remove #{deploy_name}`
41- end
42-
43- namespace :addon do
--
47- task :install do
48: `heroku addons:add custom_domains:basic`
49- end
50-
54- task :remove do
55: `heroku addons:remove custom_domains:basic`
56- end
57- end
58- end
--
87- [internal] Creates a Heroku credentials file.
89- task :create do
90: `if [ ! -d #{heroku_credentials_path} ]; then mkdir -p #{heroku_credentials_path}; fi`
91: `echo #{user} > #{heroku_credentials_file}`
92: `echo #{password} >> #{heroku_credentials_file}`
93- end
94-
96- [internal] Switches the credentials file to either the current use or the
99- task :switch do
--
119- restart the application.
121- task :default do
122: `git push heroku #{branch}`
123- deploy.migrate
124- deploy.restart
125- end
--
128- Restarts the application.
130- task :restart do
131: `heroku restart`
132- end
133-
135- Runs the migrate rake task.
137- task :migrate do
138: `heroku rake db:migrate`
139- end
140-
--
144- namespace :rollback do
145- task :default do
146: `heroku rollback`
147- deploy.restart
148- end
149- end
--
151- namespace :web do
152- desc "Removes the maintenance page to resume normal site operation."
153- task :enable do
154: `heroku maintenance:off`
155- end
156-
158- task :disable do
159: `heroku maintenance:on`
160- end
161- end
162-
--
169-
170- heroku.domain.install
171-
173- deploy.default
174- end
175- end
--
177- namespace :website do
179- task :install do
180: `heroku create #{application}` 181- end
182-
183- desc "Completely removes application from Heroku" 184- task :remove do
185: `heroku destroy --confirm #{application}` 186- end
187- end
188-
189- namespace :db do
191- task :drop do
192: `heroku pg:reset`
193- end
194-
195- namespace :backup do
197- task :default do
198: `heroku pgbackups:capture`
199- end
200-
201- namespace :addon do
--
205- task :install do
206: `heroku addons:add pgbackups:basic`
207- end
208-
212- task :remove do
213: `heroku addons:remove pgbackups:basic`
214- end
215- end
216- end
--
219- task :reset_and_seed do
221- db.backup
222: `heroku pg:reset`
223: `heroku rake db:seed`
224- end
225-
226- desc "Seed database"
227- task :seed do
229- db.backup
230: `heroku rake db:seed`
231- end
232- end
233-
235- task :shell do
236: `heroku shell`
237- end
238-
240- task :invoke do
242- end
243-end |
Export: JSON TEXT XML |
Exploit Code: |
Screen Shots: |
Notes: 108593 |
Larry W. Cashdollar
Larry Cashdollar
Larry W. Cashdollar vulnerability
Larry Cashdollar advisory