Reported October 3, 2003 by Bahaa Naamneh.
Minihttpserver File Sharing for net 1.5
A directory-traversal vulnerability in Minihttpserver File Sharing for net 1.5 can permit an attacker read access to any file outside the intended Web-published file system directory. The attacker can exploit the vulnerability by using the '../' or '..\' string in a URL.
The discoverer posted the following demonstration as proof of concept:
http://127.0.0.1/../../../ Program Files/FileSharing for NET/User.ini
Minihttpserver.net has been notified and will release a patch for this vulnerability.
Discovered by Bahaa Naamneh.