COMMAND

    main.cgi

SYSTEMS AFFECTED

    Technote 2000 (maybe 2001)

PROBLEM

    Following is based on a Ksecurity Advisory.  Technote is a  famous
    Korean  cgi  board.   In  main.cgi,  there  is failure to properly
    validate user input which arguments a call to open().   FREE_BOARD
    is a default db.

        http://localhost/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi

SOLUTION

    Nothing yet.