De: "Steve Shepherd" À: Objet: *** Security Advisory *** Power UP HTML Date : vendredi 7 septembre 2001 20:46 Security Advisory - 07 Sept 2001 Power Up HTML 0.8033beta 8/16/00 Programmed by Randy Parker *** View / Execute Arbitrary Code Using Program *** Overview: --------- Power Up HTML provides a central routing point which greatly extends the simplicity of programming and the ability to customize other CGI scripts. With this great simplification, you should soon see a large number of useful add-on programs to do anything from managing guestbooks to full-featured chat programs. However, the "router" piece of the code allows the viewing of files on the server as well as the execution of arbitrary code. Description: ------------ Within this software package, the primary script, r.pl (or r.cgi) exists and is what is exploitable. Example: /cgi-bin/powerup/r.cgi?FILE=main.html System files can be viewed by simply entering relative path information: /cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd Additionally, arbitrary code can be executed on the server utilizing this script. Versions Affected: ------------------ 0.8033beta Solution -------- I received no response from the Author after multiple e-mails notifying him of the exploit.