[UNIX] Power Up Security Vulnerability Allows Aribtrary File Viewing

From: support@securiteam.com
Date: 09/09/01 

From: support@securiteam.com
To: list@securiteam.com
Subject: [UNIX] Power Up Security Vulnerability Allows Aribtrary File Viewing
Message-Id: <20010909202052.36510138C0@mail.der-keiler.de>
Date: Sun,  9 Sep 2001 22:20:52 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Power Up Security Vulnerability Allows Aribtrary File Viewing
------------------------------------------------------------------------

SUMMARY

 <http://dev.ideacube.com/powerup/> Power Up HTML provides a central
routing point which greatly extends the simplicity of programming and the
ability to customize other CGI scripts. With this great simplification,
you should soon see a large number of useful add-on programs to do
anything from managing guestbooks to full-featured chat programs.
However, the "router" piece of the code allows the viewing of files on the
server as well as the execution of arbitrary code.

DETAILS

Vulnerable systems:
Power Up HTML version 0.8033beta

Within this software package, the primary script, r.pl (or r.cgi) exists
and is what is exploitable.
Example:
/cgi-bin/powerup/r.cgi?FILE=main.html

System files can be viewed by simply entering relative path information:

/cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd

Additionally, arbitrary code can be executed on the server utilizing this
script.

ADDITIONAL INFORMATION

The information has been provided by <mailto:steven@valueweb.com> Steve
Shepherd.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • Re: Patriot Act against the free exchange of ideas
    ... to disclosure of sources of information, which the government wants to keep ... liberties, and who can't balance that with national security. ... > to use his powers for good, that's not what happens once power is ...
    (rec.music.opera)
  • Re: What does this mean?
    ... "Pursuit of the national interest abroad by prominent use of hard power is ... in order to guarantee security. ... the United Nations has been largely sidelined has not produced ...
    (uk.politics.misc)
  • October 2005: Power failure hits CDC germ lab
    ... Outage disables freezers, cuts off security system ... A power failure knocked out the security system at a federal germ lab ...
    (sci.med.diseases.lyme)
  • [Full-Disclosure] Administrivia
    ... directly related to security concerns per se. ... I consider myself to be a hacker, ... >> was the motivation in days gone by. ... >> The idea that with great power comes great responsibility is one that I ...
    (Full-Disclosure)
  • New Focus on Cyber Terrorism
    ... computers that run power grids, ... a former terrorism and cyber-security czar in the Bush ... according to IBM's global security intelligence team. ... "There is a lot of concern in government about what the FBI ...
    (comp.dcom.telecom)