Extropia WebStore Directory Traversal Vulnerability
The routine web_store.cgi does not properly handle the $file_extension variable if null characters are used.
For example, if the following URL was requested, the file in question would not be delivered to the user:
However, by using the escaped character "%00", the requested file would be accessed successfully:
Successful exploitation could lead to a remote intruder gaining read access to any known file.
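One way to validate a requested file name before it reaches open(), shown as an added example that is not code from web_store.cgi or from Extropia. The function name resolve_page, the temporary directory, the "html" extension and the sample names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Cwd qw(realpath);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: $requested is the user-supplied name, $base_dir the only
# directory the script may serve from, $file_extension the expected extension.
sub resolve_page {
    my ($requested, $base_dir, $file_extension) = @_;
    return unless defined $requested && length $requested;

    # Reject NUL and other control bytes. A check that only looks at the end
    # of the string accepts "x\0.html", yet a C string ends at the NUL.
    return if $requested =~ /[\x00-\x1f\x7f]/;

    # Allowlist: one file name, no directory separators, no empty or ".." parts.
    return unless $requested =~ /\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*\z/;

    # The extension test now covers the exact name that will be opened.
    return unless $requested =~ /\.\Q$file_extension\E\z/;

    # Resolve symlinks and confirm the result still sits under the base directory.
    my $base = realpath($base_dir) or return;
    my $full = realpath(File::Spec->catfile($base, $requested));
    return unless defined $full && index($full, "$base/") == 0;
    return $full;
}

# Constructed demo data: one legitimate page in a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'catalog.html')) or die "open: $!";
print {$fh} "ok\n";
close $fh;

# Constructed sample requests, already URL-decoded as a CGI script would see them.
for my $name ("catalog.html", "notes.txt\0.html", "../outside.html", "catalog.txt") {
    my $path = resolve_page($name, $dir, 'html');
    (my $shown = $name) =~ s/\0/%00/g;    # make the NUL visible when printing
    printf "%-20s %s\n", $shown, defined $path ? "served" : "rejected";
}
```

Only the first sample name is served; the NUL-bearing name fails at the control-byte check before any extension comparison takes place.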