From: Mnemonix Subject: FormHandler.cgi FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler uses hard coded physical paths for templates etc so it's possible to get sensitive files like /etc/passwd by modifying a site's f orm and submitting it. Cheers, David Litchfield http://www.infowar.co.uk/mnemonix/ Cerberus Information Security +44(0)181 661 7405