Bugtraq mailing list archives
*** Security Advisory *** Power UP HTML
From: Steve Shepherd <steven () valueweb com>
Date: Fri, 07 Sep 2001 13:57:43 -0400
Security Advisory - 07 Sept 2001 Power Up HTML 0.8033beta 8/16/00 Programmed by Randy Parker *** View / Execute Arbitrary Code Using Program *** Overview: ---------Power Up HTML provides a central routing point which greatly extends the simplicity of programming and the ability to customize other CGI scripts. With this great simplification, you should soon see a large number of useful add-on programs to do anything from managing guestbooks to full-featured chat programs. However, the "router" piece of the code allows the viewing of files on the server as well as the execution of arbitrary code.
Description: ------------Within this software package, the primary script, r.pl (or r.cgi) exists and is what is exploitable. Example:
/cgi-bin/powerup/r.cgi?FILE=main.html System files can be viewed by simply entering relative path information: /cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwdAdditionally, arbitrary code can be executed on the server utilizing this script.
Versions Affected: ------------------ 0.8033beta Solution --------I received no response from the Author after multiple e-mails notifying him of the exploit.
Current thread:
- *** Security Advisory *** Power UP HTML Steve Shepherd (Sep 07)