Arbitrary File Read
caioluders opened this issue · comments
Hello!
Just opening an issue about my challenge on Pwn2Win : Dots Exposed .
It's possible to achieve Arbitrary file read using the library import. Here's a writeup about it by @qxxxb https://github.com/qxxxb/ctf/tree/master/2021/pwn2win/dots_exposed ( I'm kinda lazy, and he's done an amazing job ). Still not sure if you'll want to fix this, but wanted to make an issue to formalize it (:
Thanks.
Great find, and thank you @qxxxb for the writeup!
There are two major things going on here:
- Arbitrary file paths can be used as libraries. This is probably a feature when run locally, but it's unwanted on hosted asciidots demos.
- The library import function assumes that the source code has a trailing newline. I'll want to fix this because it's an improper implementation of how library importing is supposed to work.
P.S. It's exciting to see asciidots at pwn2win!