[22562] in bugtraq


*** Security Advisory *** Power UP HTML

daemon@ATHENA.MIT.EDU (Steve Shepherd)
Fri Sep 7 14:10:56 2001

Message-ID: <3B990A97.6040807@valueweb.com>
Date: Fri, 07 Sep 2001 13:57:43 -0400
From: Steve Shepherd <steven@valueweb.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Security Advisory - 07 Sept 2001

Power Up HTML 0.8033beta 8/16/00
Programmed by Randy Parker

*** View / Execute Arbitrary Code Using Program ***


Overview:
---------

Power Up HTML provides a central routing point which greatly extends the 
simplicity of programming and the ability to customize other CGI 
scripts. With this great simplification, you should soon see a large 
number of useful add-on programs to do anything from managing guestbooks 
to full-featured chat programs.  However, the "router" piece of the code 
allows the viewing of files on the server as well as the execution of 
arbitrary code.


Description:
------------

Within this software package, the primary script, r.pl (or r.cgi), is 
the exploitable component. Example:

/cgi-bin/powerup/r.cgi?FILE=main.html


System files can be viewed by simply entering relative path information:

/cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd


Additionally, arbitrary code can be executed on the server utilizing 
this script.



Versions Affected:
------------------

0.8033beta



Solution
--------

I received no response from the Author after multiple e-mails notifying 
him of the exploit.
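
Added example (not part of the original advisory and not Power Up HTML code): a Python log check that flags requests to r.cgi / r.pl whose FILE parameter resolves outside the content directory, including percent-encoded forms. The content root path, the common log format and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed content directory; the advisory does not give the real one.
CONTENT_ROOT = "/var/www/powerup/html"
ROUTER = re.compile(r"/r\.(?:cgi|pl)$")
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*"')

def file_param(target):
    """Return the fully percent-decoded FILE value of a router request, else None."""
    parts = urlsplit(target)
    if not ROUTER.search(parts.path):
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("FILE")
    if not values:
        return None
    value = values[0]  # parse_qs has already decoded one layer
    for _ in range(5):  # peel further layers so double encoding cannot hide ".."
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(value, root=CONTENT_ROOT):
    """True if value, joined to root and normalized, lands outside root."""
    resolved = posixpath.normpath(posixpath.join(root, value.replace("\\", "/")))
    return not (resolved == root or resolved.startswith(root + "/"))

def suspicious_requests(log_lines):
    """Return (client, target) pairs whose FILE value leaves the content root."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m:
            value = file_param(m.group(2))
            if value is not None and escapes_root(value):
                hits.append((m.group(1), m.group(2)))
    return hits

# Constructed common-log-format lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Sep/2001:14:00:01 -0400] "GET /cgi-bin/powerup/r.cgi?FILE=main.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [07/Sep/2001:14:00:02 -0400] "GET /cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd HTTP/1.0" 200 901',
    '192.0.2.12 - - [07/Sep/2001:14:00:03 -0400] "GET /cgi-bin/powerup/r.pl?FILE=..%252f..%252f..%252f..%252f..%252fetc%252fpasswd HTTP/1.0" 200 901',
    '192.0.2.13 - - [07/Sep/2001:14:00:04 -0400] "GET /cgi-bin/powerup/r.cgi?FILE=docs/../main.html HTTP/1.0" 200 512',
]
```

Calling suspicious_requests(SAMPLE_LOG) returns the second and third sample lines; the fourth contains ".." but stays inside the content root, so it is not flagged.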

