Lucene search
+L

Power Up Information Disclosure

🗓️ 03 Nov 2005 00:00:00Reported by Copyright (C) 2001 SecuriTeam & Copyright (C) 2001 Noam RathausType 
openvas
 openvas
🔗 plugins.openvas.org👁 45 Views

Power Up Information Disclosure on remote server, allowing attackers to access critical system information via CG

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2001-1138
15 Mar 200205:00
cve
Cvelist
CVE-2001-1138
15 Mar 200205:00
cvelist
EUVD
EUVD-2001-1119
7 Oct 202500:30
euvd
NVD
CVE-2001-1138
7 Sep 200104:00
nvd
# SPDX-FileCopyrightText: 2001 Noam Rathaus
# SPDX-FileCopyrightText: 2001 SecuriTeam
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10776");
  script_version("2025-04-15T05:54:49+0000");
  script_tag(name:"last_modification", value:"2025-04-15 05:54:49 +0000 (Tue, 15 Apr 2025)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_cve_id("CVE-2001-1138");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Power Up Information Disclosure");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2001 SecuriTeam & Copyright (C) 2001 Noam Rathaus");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "os_detection.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"http://www.securiteam.com/unixfocus/5PP062K5FO.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3304");

  script_tag(name:"solution", value:"Disable access to the CGI until the author releases a patch.");

  script_tag(name:"summary", value:"The remote server is using the Power Up CGI.
  This CGI exposes critical system information, and allows remote attackers
  to read any world readable file.");

  script_tag(name:"solution_type", value:"Mitigation");

  script_tag(name:"qod_type", value:"remote_vul");

  exit(0);
}

include("host_details.inc");
include("os_func.inc");
include("misc_func.inc");
include("traversal_func.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port( default:80 );

files = traversal_files();

foreach dir( make_list_unique( "/", "/cgi-bin/powerup", "/cgi_bin/powerup", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";

  foreach url( make_list( dir + "/r.cgi",
                          dir + "/r.pl" ) ) {

    foreach file( keys( files ) ) {

      url = string( url, "?FILE=../../../../../../../../../../", files[file] );

      if( http_vuln_check( port:port, url:url, pattern:file ) ) {
        report = http_report_vuln_url( port:port, url:url );
        security_message( port:port, data:report );
        exit( 0 );
      }
    }
  }
}

exit( 99 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation