header-logo
Suggest Exploit
vendor:
Power Up HTML
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Power Up HTML
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Power Up HTML Directory Traversal Vulnerability

A vulnerability exists in Power Up HTML which allows directory traversal through the web server using ../ strings in a CGI request. This directory traversal can be used to view or execute arbitrary files on the webserver to which the web service has permissions. Failure to filter metacharacters from HTTP requests can allow user-supplied values to run.

Mitigation:

Filter metacharacters from HTTP requests.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3304/info

Power Up HTML is a set of HTML-like commands that can be placed into web pages. It provides a central routing point to simplify programming and customization of CGI scripts.

A vulnerability exists in Power Up HTML which allows directory traversal through the web server using ../ strings in a CGI request. This directory traversal can be used to view or execute arbitrary files on the webserver to which the web service has permissions. Failure to filter metacharacters from HTTP requests can allow user-supplied values to run. 

http://www.target.com/cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR