*** Security Advisory *** Power UP HTML

[Steve Shepherd <steven () valueweb com>]

Security Advisory - 07 Sept 2001

Power Up HTML 0.8033beta 8/16/00
Programmed by Randy Parker

*** View / Execute Arbitrary Code Using Program ***


Overview:
---------

Power Up HTML provides a central routing point which greatly extends the 
simplicity of programming and the ability to customize other CGI 
scripts. With this great simplification, you should soon see a large 
number of useful add-on programs to do anything from managing guestbooks 
to full-featured chat programs.  However, the "router" piece of the code 
allows the viewing of files on the server as well as the execution of 
arbitrary code.


Description:
------------

Within this software package, the primary script, r.pl (or r.cgi) exists 
 and is what is exploitable. Example:

/cgi-bin/powerup/r.cgi?FILE=main.html


System files can be viewed by simply entering relative path information:

/cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd


Additionally, arbitrary code can be executed on the server utilizing 
this script.



Versions Affected:
------------------

0.8033beta



Solution
--------

I received no response from the Author after multiple e-mails notifying 
him of the exploit.