vendor:
Interactive Story
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Access
22 (Improper Limitation of a Pathname to a Restricted Directory)
CWE
Product Name: Interactive Story
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
Interactive Story Arbitrary File Access Vulnerability
Interactive Story is a web-based application written in Perl and is distributed as freeware. It does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files. If an attacker sets the 'next' field to something like '../../../../../../../../../../etc/passwd%00', Interactive Story will open and display the password file.
Mitigation:
Filter user input to prevent malicious input from being passed to the application.