gulaschkanone
New member
map_to_file doesn't validate the filename parameter, so you can traverse the directory tree upwards with "..". If mafia is in a directory upon which you have write access, you can create new and change arbitrary existing files trivially in the Mafia dir, and potentially anything on the same partition. That's not very good.
Digging around, http://kolmafia.us/showthread.php?10838-11348-Fix-directory-traversal-exploit-Disallow-scripts-from-writing-a-data-file-wi looks like it once fixed something like this, except no more. (Can traverse directories, including outside the mafia directory, and you can write to all files including .ash.)
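The missing check described in the post above, sketched as an added example. This is not code from the post or from KoLmafia's source. The class and method names are hypothetical, the temporary directory stands in for the data directory, and the rule that data files may not end in .ash is an assumption drawn from the post's remark about script files.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Locale;

public class DataFileGuard {
    /** Resolve a script-supplied name under baseDir; throw if it would land anywhere else. */
    static Path resolveInside(Path baseDir, String name) throws IOException {
        if (name == null || name.isEmpty() || name.indexOf('\0') >= 0)
            throw new IOException("invalid file name");
        Path base = baseDir.toRealPath();                 // canonical form, symlinks resolved
        Path candidate;
        try {
            candidate = base.resolve(name).normalize();   // collapses "." and ".." segments
        } catch (InvalidPathException e) {
            throw new IOException("invalid file name", e);
        }
        // Path.startsWith compares whole path elements, so "/data-old" does not match "/data".
        // An absolute name replaces base in resolve() and fails this test as well.
        if (candidate.equals(base) || !candidate.startsWith(base))
            throw new IOException("outside data directory: " + name);
        // The target may not exist yet, so canonicalise its nearest existing ancestor
        // to catch a symlink inside the tree that points out of it.
        Path existing = candidate;
        while (!Files.exists(existing, LinkOption.NOFOLLOW_LINKS))
            existing = existing.getParent();
        if (!existing.toRealPath().startsWith(base))
            throw new IOException("symlink leaves data directory: " + name);
        // Assumption (not from the project): data files must never be script sources.
        if (candidate.getFileName().toString().toLowerCase(Locale.ROOT).endsWith(".ash"))
            throw new IOException("refusing to write a script file: " + name);
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path data = Files.createTempDirectory("data");    // constructed stand-in directory
        // Constructed sample names: two legitimate, four that must be refused.
        String[] names = { "mymap.txt", "sub/mymap.txt", "../scripts/other.ash",
                           "sub/../../outside.txt", "/tmp/absolute.txt", "notes.ash" };
        for (String n : names) {
            try {
                System.out.println("ok      " + n + " -> " + resolveInside(data, n));
            } catch (IOException e) {
                System.out.println("blocked " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```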