[temp2903d]

Can someone explain what the backdoor could do? It's exposing some session token that someone could then use to login an account on some website that used this gem?

[CGamesPlay]

Everything in the first line is a diversion to make the code look complicated but realistic. The eval is what the backdoor does, which means it looks at a cookie with some basic encoding, and runs it as ruby code. There’s no authentication or anything here, the backdoor will work for anyone who cares to set that cookie.

[akramer]

It appears to evaluate ruby code provided by the client given specific strings being set in a cookie.

[newnewpdro]

It runs arbitrary ruby code supplied in the form of a cookie.

This means the backdoor is fully generic and nobody can describe the damage, if any, that has been done.

The only saving grace is the code will run with the privileges of the ruby interpreter, constrained to the process environment of same.