source: wwwsecurityfocuscom/bid/2003/info
NCSA HTTPd and comes with a CGI sample shell script, test-cgi, located by default in /cgi-bin This script does not properly enclose an "ECHO" command in quotes, and as a result "shell expansion" of the * character can occur under some configurations This allows a remote attacker to obtain file l ...