Interactive Story story.pl Arbitrary File Access

2001-07-15T00:00:00
ID OSVDB:683
Type osvdb
Reporter qDefense(advisories@qDefense.com)
Modified 2001-07-15T00:00:00

Description

Vulnerability Description

Interactive Story contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "story.pl" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "next" variable.

Solution Description

Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Interactive Story contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "story.pl" script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "next" variable.

Manual Testing Notes

http://[victim]/cgi-bin/story.pl?next=../../../../../etc/passwd%00

References:

Vendor URL: http://www.valeriemates.com/story_download.html Snort Signature ID: 1869 Snort Signature ID: 1868 Other Advisory URL: http://www.vesaria.com/Advisories/QDAV-2001-7-3.html Nessus Plugin ID:10817 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-07/0214.html Keyword: Directory Traversal ISS X-Force ID: 6843 CVE-2001-0804 Bugtraq ID: 3028