Miniwebsvr version 0.0.6 appears to be susceptible to a one level directory traversal flaw.
e4a1d7d3b80e79f93838d2c8f59e236705a2a65ce62953485b6d42a12fec6fa1
Hello!
Miniwebsvr 0.0.6 suffers from a directory traversal flaw.
"Exploit" :
http://yoursite/..%00
Attack vector seems limited as you're only able to list one level down.
Cheers,
Daniel Nyström, daniel.nystrom@xored.net
Fredrik Wessberg, fredd3@hotmail.com