#!/usr/local/bin/perl -w

use CGI;                          
use strict;

my $q = new CGI;                        
my $p = $q->Vars;

local $/ = undef;
 
my $file = $p->{file};      #  ?file=doc1.txt            <-- Должно 
open F, $file or die $!;    #  ../../../../../etc/passwd <-- Хек
my $data = <F>;
close F;

print $q->header,                 
      $q->start_html, 
      $q->h1($data),
      $q->end_html;          

#.......................
#<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
#</head>
#<body>
#<h1>root:x:0:0:root:/root:/bin/bash
#bin:x:1:1:bin:/bin:/bin/false
#daemon:x:2:2:daemon:/sbin:/bin/false
#mail:x:8:12:mail:/var/spool/mail:/bin/false
#ftp:x:14:11:ftp:/srv/ftp:/bin/false
#http:x:33:33:http:/srv/http:/bin/false
#nobody:x:99:99:nobody:/:/bin/false
#dbus:x:81:81:System message bus:/:/bin/false
#policykit:x:102:101:PolicyKit:/:/sbin/nologin
#hal:x:82:82:HAL daemon:/:/bin/false
#ryuk:x:1000:100:Dima,Rubalko,,:/home/ryuk:/bin/zsh
#avahi:x:84:84:Avahi daemon:/:/bin/false
#</h1>
#</body>
#</html>%
#[~/src/perl/test]-»
#23:28