https://www.exploit-db.com/exploits/21475
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-193

LocalWEB2000是一款适合个人用户的Web服务器程序，可使用在Windows操作系统下。LocalWEB2000在文件保护机制实现中存在漏洞，可导致远程攻击者绕过保护访问文件内容。LocalWEB2000存在文件保护功能，不过由于设计错误，攻击者可以提交包含’./’并追加相应要查看文件名的URL来绕过文件保护功能，造成敏感信息泄露。此漏洞测试于LocalWEB2000StandardVersion2.1.0，其他版本也可能存在此漏洞。

source: http://www.securityfocus.com/bid/4820/info

A vulnerability exists in LocalWEB2000 related to content password protection. It is possible to have LocalWEB2000 treat files as unprotected by requesting them as files within the '.' (current) directory. If the file http://server/file.txt is set to be password protected, the protection will be bypassed if a request is made for http://server/./file.txt. This is likely due to a design error in the protection component.

This vulnerability was reported for LocalWEB2000 Standard Version 2.1.0. Other versions (such as the Professional Edition) may also be affected by this issue. 

http://target/./protectedfolder/protectedfile.htm

来源:BID
名称:4820
链接:http://www.securityfocus.com/bid/4820
来源:XF
名称:localweb2k-protection-bypass(9165)
链接:http://www.iss.net/security_center/static/9165.php
来源:BUGTRAQ
名称:20020524[SecurityOffice]LocalWeb2000WebServerProtectedFileAccessVulnerability
链接:http://online.securityfocus.com/archive/1/274020
来源:VULNWATCH
名称:20020524[SecurityOffice]LocalWeb2000WebServerProtectedFileAccessVulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html