ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by backtick characters ( ` ), historically called the opening single quote, is taken as a path to a file for inclusion, for example:
htdig will also allow included files to be specified via form input. Therefore, any file can be specified for inclusion into a variable by any web user.
will return a page with the contents of /etc/passwd in the 'exclude' field.
ht://Dig contains a flaw that allows a remote attacker to access arbitrary files. The flaw exists because the 'htsearch.cgi' script does not validate user-supplied input containing backticks (`), so a remote attacker can access arbitrary files, resulting in a loss of confidentiality.
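As an added illustration (not htdig's own code, which is C++; the Python function names below are hypothetical), the following contrasts the expansion behaviour the advisory describes with a hardened version that ignores include syntax in request-supplied values and confines config-file includes to a single directory. A log-side helper flags htsearch query parameters that carry a backtick, which is the character the advisory says is not validated. The sample config directory and query strings are constructed for the example.

```python
import os
import re
import tempfile
from urllib.parse import parse_qs

# A backtick-delimited string inside a configuration value, e.g. `/some/file`.
# Per the advisory, htdig treated such a string as a file to include.
INCLUDE_RE = re.compile(r"`([^`]*)`")


def expand_includes_unsafe(value):
    """Mirrors the defect the advisory describes: every backtick-delimited
    string is treated as a path and replaced with that file's contents, with
    no regard for whether the value came from the config file or from a
    form parameter, and no restriction on where the path points."""
    return INCLUDE_RE.sub(lambda m: open(m.group(1)).read(), value)


def expand_includes_safe(value, trusted, include_root):
    """Hardened variant. Includes are honoured only for values that came from
    the site's own configuration file (trusted=True); values taken from the
    request are returned verbatim, backticks and all. Even trusted includes
    must resolve inside include_root, so a stray path in a config file cannot
    pull in files from elsewhere on the host."""
    if not trusted:
        return value
    root = os.path.realpath(include_root)

    def _read(match):
        raw = match.group(1)
        path = os.path.realpath(raw if os.path.isabs(raw) else os.path.join(root, raw))
        if os.path.commonpath([root, path]) != root:
            raise ValueError("include outside %s: %s" % (root, raw))
        with open(path) as fh:
            return fh.read()

    return INCLUDE_RE.sub(_read, value)


def suspicious_htsearch_params(query_string):
    """Detection helper for web-server logs: returns the names of query
    parameters whose value contains a backtick (after URL-decoding, so an
    encoded %60 is caught as well)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return sorted(k for k, values in params.items() if any("`" in v for v in values))


def demo_trusted_include():
    """Constructed scenario: a config directory holding one extra file that a
    trusted config value includes. Returns the expanded value."""
    confdir = tempfile.mkdtemp(prefix="htdig-demo-")
    with open(os.path.join(confdir, "extra.conf"), "w") as fh:
        fh.write("foo bar")
    return expand_includes_safe("exclude: `extra.conf`", trusted=True, include_root=confdir)


if __name__ == "__main__":
    print(demo_trusted_include())
    print(expand_includes_safe("`/etc/passwd`", trusted=False, include_root="/var/www/htdig"))
    print(suspicious_htsearch_params("words=test&exclude=%60/etc/passwd%60"))
```

The key design point is that trust is decided by where the value came from, not by what it contains: a value read from the request never reaches the include expander, so no amount of encoding tricks in the parameter matters. The directory check is a second, independent layer for values that do come from the config file.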
Currently, there are no known workarounds or upgrades to correct this issue. However, the ht://Dig Group has released a patch to address this vulnerability.