interactive story 1.3 - Directory Traversal Vulnerability

ID EDB-ID:21008
Type exploitdb
Reporter qDefense
Modified 2001-07-15T00:00:00


Interactive Story 1.3 Directory Traversal Vulnerability. CVE-2001-0804. Remote exploit for cgi platform


Interactive Story is a web-based application written in Perl and is distributed as freeware.

Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files.

The disclosed information may be used in further attacks on the host. 

If an attacker sets the "next" field to something like
../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.