Hello!

Just opening an issue about my challenge on Pwn2Win : Dots Exposed .
It's possible to achieve Arbitrary file read using the library import. Here's a writeup about it by @qxxxb https://github.com/qxxxb/ctf/tree/master/2021/pwn2win/dots_exposed ( I'm kinda lazy, and he's done an amazing job ). Still not sure if you'll want to fix this, but wanted to make an issue to formalize it (:

Thanks.

Great find, and thank you @qxxxb for the writeup!

There are two major things going on here:

1. Arbitrary file paths can be used as libraries. This is probably a feature when run locally, but it's unwanted on hosted asciidots demos.
2. The library import function assumes that the source code has a trailing newline. I'll want to fix this because it's an improper implementation of how library importing is supposed to work.

P.S. It's exciting to see asciidots at pwn2win!