Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbQDefenseEDB-ID:21008
HistoryJul 15, 2001 - 12:00 a.m.

Interactive story 1.3 - Directory Traversal

2001-07-1500:00:00
qDefense
www.exploit-db.com
23

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/3028/info

Interactive Story is a web-based application written in Perl and is distributed as freeware.

Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files.

The disclosed information may be used in further attacks on the host. 

If an attacker sets the "next" field to something like
../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.

Related

nessus 1
openvas 1
cvelist 1
nvd 1
cve 1
nessus
nessus
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
2001-12-03 00:00:00
openvas
openvas
Interactive Story (story.pl) < 1.4 Directory Traversal Vulnerability
2005-11-03 00:00:00
cvelist
cvelist
CVE-2001-0804
2002-03-09 05:00:00
nvd
nvd
CVE-2001-0804
2001-12-06 05:00:00
cve
cve
CVE-2001-0804
2002-03-09 05:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:21008
nessus1openvas1cvelist1nvd1cve1