Written by Bernardo
on March 30, 2019

open-uri

ruby
security

TIL open-uri internally patches Kernel.open allowing remote code execution and reading local files. If the string provided to open-uri starts with a pipe it will get executed as a command:

require "open-uri"
irb(main):001:0> require 'open-uri'
=> true
irb(main):002:0> open('|ls').to_a
=> ["content\n", "data\n", "layouts\n", "resources\n"]

For more information check this resource.

← → Top