Interactive Story is a web-based application written in Perl and is distributed as freeware.
Interactive Story does not filter '../' sequences from user input submitted through a hidden form field named 'next'. Remote attackers may take advantage of this by crafting URLs that break out of the web root and view arbitrary web-readable files.
The disclosed information may be used in further attacks on the host.
If an attacker sets the "next" field to something like ../../../../../../../../../../etc/passwd%00, Interactive Story will open and display the password file.
Interactive Story story.pl next Parameter Traversal Arbitrary File Access
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Interactive Story contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the "story.pl" script not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via the "next" variable.
Upgrade to version 1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
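Added example, not code from Interactive Story itself: it models the unchecked lookup the advisory describes, the hardened lookup a fixed script should perform (reject NUL bytes, allow only a bare page name, confirm the resolved path stays under the page directory), and a check that flags story.pl requests in access logs whose "next" value carries a traversal or NUL. The story directory and the log lines are constructed for the example.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed for this example (not from the advisory): where the CGI keeps its page files.
STORY_DIR = "/var/www/htdocs/story/pages"

# Constructed access-log lines; the second carries the payload quoted in the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2004:10:00:00 +0000] "GET /cgi-bin/story.pl?next=chapter2 HTTP/1.0" 200 812',
    '10.0.0.9 - - [01/Jan/2004:10:00:07 +0000] "GET /cgi-bin/story.pl?next=../../../../../../../../../../etc/passwd%00 HTTP/1.0" 200 1507',
    '10.0.0.9 - - [01/Jan/2004:10:00:09 +0000] "GET /index.html HTTP/1.0" 200 2201',
]


def vulnerable_page_path(next_param):
    """The flawed pattern: the decoded 'next' value is pasted into a file name unchecked.
    normpath shows where the open() actually lands; the trailing NUL mirrors the advisory's
    %00, which in the affected Perl versions cut off anything the script appended after it."""
    return posixpath.normpath(posixpath.join(STORY_DIR, unquote(next_param)))


def safe_page_path(next_param):
    """Hardened lookup: returns the page path, or None if the value is not a plain page name
    or its resolved path leaves STORY_DIR."""
    raw = unquote(next_param)
    if "\x00" in raw or not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", raw):
        return None
    candidate = posixpath.normpath(posixpath.join(STORY_DIR, raw))
    if posixpath.commonpath([STORY_DIR, candidate]) != STORY_DIR:
        return None  # defence in depth: the allow-list above should already have caught this
    return candidate


def flag_traversal_requests(log_lines):
    """Detection: return the log lines whose story.pl 'next' parameter decodes to a value
    containing a NUL byte or a parent-directory ('..') path step."""
    hits = []
    for line in log_lines:
        parts = line.split('"')          # request line sits between the first pair of quotes
        request = parts[1].split(" ") if len(parts) > 1 else []
        if len(request) < 2:
            continue
        url = urlsplit(request[1])
        if not url.path.endswith("story.pl"):
            continue
        for value in parse_qs(url.query).get("next", []):   # parse_qs percent-decodes
            if "\x00" in value or ".." in value.split("/"):
                hits.append(line)
                break
    return hits
```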