aaronjanse / asciidots

Esolang inspired by ASCII art
https://ajanse.me/asciidots
GNU Affero General Public License v3.0

Arbitrary File Read #94

Open caioluders opened 3 years ago

caioluders commented 3 years ago

Hello!

Just opening an issue about my challenge on Pwn2Win: Dots Exposed. It's possible to achieve arbitrary file read using the library import. Here's a writeup about it by @qxxxb: https://github.com/qxxxb/ctf/tree/master/2021/pwn2win/dots_exposed (I'm kinda lazy, and he's done an amazing job). Still not sure if you'll want to fix this, but wanted to make an issue to formalize it (:

Thanks.

aaronjanse commented 3 years ago

Great find, and thank you @qxxxb for the writeup!

There are two major things going on here:

  1. Arbitrary file paths can be used as libraries. This is probably a feature when run locally, but it's unwanted on hosted asciidots demos.
  2. The library import function assumes that the source code has a trailing newline. I'll want to fix this because it's an improper implementation of how library importing is supposed to work.

P.S. It's exciting to see asciidots at pwn2win!
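
The first point in the comment above, confining library imports to one directory on a hosted demo, as an added example that is not asciidots code. The names `resolve_library`, `load_library`, `LibraryImportError` and the `libs` directory layout are hypothetical, and the file contents are constructed; `load_library` also reads lines in a way that gives the same result with or without a trailing newline.

```python
import tempfile
from pathlib import Path


class LibraryImportError(Exception):
    """The requested library is missing or outside the allowed directory."""


def resolve_library(name, libs_dir):
    """Map a library name taken from a program to a real file under libs_dir."""
    root = Path(libs_dir).resolve(strict=True)
    # An absolute `name` replaces root in the join, and ".." or a symlink can
    # climb out of it, so compare fully resolved paths rather than strings.
    candidate = (root / name).resolve()
    if root not in candidate.parents:
        raise LibraryImportError("library outside %s: %r" % (root, name))
    if not candidate.is_file():
        raise LibraryImportError("no such library: %r" % (name,))
    return candidate


def load_library(name, libs_dir):
    """Return the library's lines, with or without a trailing newline."""
    return resolve_library(name, libs_dir).read_text(encoding="utf-8").splitlines()


def demo():
    """Constructed layout: two libraries, a file outside, a symlink to it."""
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        libs = base / "libs"
        libs.mkdir()
        (libs / "a.dots").write_text("row1\nrow2\n")  # constructed content
        (libs / "b.dots").write_text("row1\nrow2")    # same, no trailing newline
        outside = base / "outside.txt"
        outside.write_text("not a library\n")
        (libs / "link.dots").symlink_to(outside)
        for label, name in [("plain", "a.dots"), ("dotdot", "../outside.txt"),
                            ("absolute", str(outside)), ("symlink", "link.dots")]:
            try:
                load_library(name, libs)
                results.append((label, "allowed"))
            except LibraryImportError:
                results.append((label, "rejected"))
        same = load_library("a.dots", libs) == load_library("b.dots", libs)
    return results, same


if __name__ == "__main__":
    print(demo())
```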