exploit-db-mirror/exploits/windows/remote/31231.txt

source: http://www.securityfocus.com/bid/27872/info

SCI Photo Chat is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects SCI Photo Chat 3.4.9 and prior versions. 

GET /docs/..\..\..\..\..\boot.ini HTTP/1.0
GET /docs/../../../../../boot.ini HTTP/1.0