FishMonger, you have my full respect, here and elsewhere. You're only doing your job, and I respect that.
I've crafted a script that allows directory traversal of any site regardless of the .htaccess or index.html file parsed.
This has opened the web in ways layfolks can't imagine.
Remember the "/%3f" exploit back in the '90s? This brings it all back WITH extras...lol.
If you do a CD?/../ (Change Directory) in the URL, it works as if you actually have root from a command prompt...on ANY site.
My son knows about this exploit, and he, being the gamer he is, will probably let it slip. He owns a major Gamer Website.
If you have <title> in any webpage, it works simply in the address bar...Protected directories have such, but not as we would script.
This is the flaw....The server will show the name of the directory, but this takes it well beyond that.
The DOM is somewhat in play here... Most browsers look for certain criteria in the header, but this Perl script, which uses LWP, does an added, unthought-of query.
Cached requests are the propriorty of any site, and thereby there is a certain window of opportunity.
Hence, the flaw.
My obviously misguided, poorly scripted experiments brought this (OOPS) flaw to surface. I've tried it across the main browsers, but Chrome doesn't parse-out like the rest do. Maybe the big folks know about this?