Pen testing report (0)

matsLETS is susceptible to "Path Traversal: ../" attack.
Try "letslink.org/london/view.php?page=../custom/infobox"
On my laptop, I can make it display /etc/passwd via this url:
http://localhost/multilets/view.php?page=../../../../../etc/passwd%00a.h...
Fortunately it doesn't happen on the letslink.org server as it probably uses mod_security or something like that.