Exploit: http://your.server/cgi-bin/www-sql/protected/something.html you get the requested file Christophe Leroy