From: Steve Shepherd (stevenvalueweb.com)
Date: Fri Sep 07 2001 - 12:57:43 CDT


    Security Advisory - 07 Sept 2001

    Power Up HTML 0.8033beta 8/16/00
    Programmed by Randy Parker

    *** View / Execute Arbitrary Code Using Program ***

    Overview:
    ---------

    Power Up HTML provides a central routing point which greatly extends the
    simplicity of programming and the ability to customize other CGI
    scripts. With this great simplification, you should soon see a large
    number of useful add-on programs to do anything from managing guestbooks
    to full-featured chat programs. However, the "router" piece of the code
    allows the viewing of files on the server as well as the execution of
    arbitrary code.

    Description:
    ------------

    Within this software package, the primary script, r.pl (or r.cgi), is
    what is exploitable. Example:

    /cgi-bin/powerup/r.cgi?FILE=main.html

    System files can be viewed by simply entering relative path information:

    /cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd

    Additionally, arbitrary code can be executed on the server utilizing
    this script.

    Versions Affected:
    ------------------

    0.8033beta

    Solution
    --------

    I received no response from the Author after multiple e-mails notifying
    him of the exploit.
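
Since the advisory reports no vendor fix, the following added example (not part of the original advisory or of Power Up HTML) shows one way to review web server access logs for requests that abuse the FILE parameter of r.cgi / r.pl. It assumes Apache-style access log lines and that legitimate FILE values are plain names such as main.html; the log lines are constructed samples, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Sep/2001:12:00:01 -0500] "GET /cgi-bin/powerup/r.cgi?FILE=main.html HTTP/1.0" 200 5120
192.0.2.44 - - [07/Sep/2001:12:00:09 -0500] "GET /cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd HTTP/1.0" 200 1843
192.0.2.44 - - [07/Sep/2001:12:00:15 -0500] "GET /cgi-bin/powerup/r.pl?FILE=%252e%252e%2F%252e%252e%2Fetc%2Fpasswd HTTP/1.0" 200 1843
192.0.2.51 - - [07/Sep/2001:12:01:02 -0500] "GET /cgi-bin/powerup/r.cgi?FILE=/etc/hosts HTTP/1.0" 200 312
192.0.2.10 - - [07/Sep/2001:12:02:30 -0500] "GET /index.html HTTP/1.0" 200 2048
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
ROUTER = re.compile(r'/r\.(?:cgi|pl)$')
# Assumption: a legitimate FILE value is a plain name, optionally under subdirectories.
SEGMENT = r'[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*'
PLAIN_NAME = re.compile(rf'^{SEGMENT}(?:/{SEGMENT})*$')

def fully_decode(value, rounds=5):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def classify(file_param):
    """Return None for a plain name, otherwise a short reason string."""
    value = fully_decode(file_param).replace("\\", "/")
    if ".." in value.split("/"):
        return "traversal"
    if value.startswith("/"):
        return "absolute-path"
    if not PLAIN_NAME.match(value):
        return "unexpected-characters"
    return None

def scan(log_text):
    """Return (client, status, decoded FILE value, reason) per suspicious router request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        url = urlsplit(m.group(2)) if m else None
        if url is None or not ROUTER.search(url.path):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("FILE", []):
            reason = classify(raw)
            if reason:
                findings.append((client := m.group(1), m.group(3), fully_decode(raw), reason))
    return findings
```

A flagged request that returned status 200 is worth following up first, since the server answered it rather than rejecting it.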