header-logo
Suggest Exploit
vendor:
Interactive Story
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Access
22 (Improper Limitation of a Pathname to a Restricted Directory)
CWE
Product Name: Interactive Story
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Interactive Story Arbitrary File Access Vulnerability

Interactive Story is a web-based application written in Perl and is distributed as freeware. It does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files. If an attacker sets the 'next' field to something like '../../../../../../../../../../etc/passwd%00', Interactive Story will open and display the password file.

Mitigation:

Filter user input to prevent malicious input from being passed to the application.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3028/info

Interactive Story is a web-based application written in Perl and is distributed as freeware.

Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files.

The disclosed information may be used in further attacks on the host. 

If an attacker sets the "next" field to something like
../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.