Interactive Story目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106431 漏洞类型 路径遍历
发布时间 2001-07-15 更新时间 2005-10-12
CVE编号 CVE-2001-0804 CNNVD-ID CNNVD-200112-012
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200112-012
|漏洞详情
InteractiveStory1.3版本的story.pl存在目录遍历漏洞。远程攻击者借助“next”参数的..(点点)攻击读取任意文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/3028/info

Interactive Story is a web-based application written in Perl and is distributed as freeware.

Interactive Story does not filter '../' sequences from user input submitted to a hidden file called 'next'. Remote attackers may take advantage of this by crafting URLs that allow them to break out of webroot and view arbitrary web-readable files.

The disclosed information may be used in further attacks on the host. 

If an attacker sets the "next" field to something like
../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.
|参考资料

来源:XF
名称:interactive-story-next-directory-traversal(6843)
链接:http://xforce.iss.net/static/6843.php
来源:www.valeriemates.com
链接:http://www.valeriemates.com/story_download.html
来源:BID
名称:3028
链接:http://www.securityfocus.com/bid/3028
来源:BUGTRAQ
名称:20010715InteractiveStoryFileDisclosureVulnerability
链接:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
来源:OSVDB
名称:683
链接:http://www.osvdb.org/683