Reported October 3, 2003 by Bahaa Naamneh.
Minihttpserver File Sharing for net 1.5
A directory-traversal vulnerability in Minihttpserver File Sharing for net 1.5 can permit an attacker read access to any file outside the intended Web-published file system directory. The attacker can exploit the vulnerability by using the '../' or '..\' string in a URL.
<span style="font-family:Verdana"> </h3>
Verdana">The discoverer posted the following demonstration as proof of concept:</h3>
<span style="font-size: 10.0pt; font-family: Courier New">Examples:</h3>
http://127.0.0.1/../../../ Program Files/FileSharing for NET/User.ini
<span style="font-family:Verdana"><a href="http://www.minihttpserver.net/home/index.php">Minihttpserver.net</a> has been notified and will release a patch for this vulnerability.</h3>
Discovered by Bahaa Naamneh.