есть уязвимость на чтение файлов типа http://site.ru/?page=../../../../../../../../boot.ini. Гдето прочитал что таким способом можна заюзать cmd. Обьясните плз.

For example, a URL request which makes use of the scripts directory of IIS to traverse directories and execute a command can be:

http://server.com/scripts/..%5c../Windows/System32/
cmd.exe?/c+dir+c:\

The request would return to the user a list of all files in the C:\ directory by executing the cmd.exe command shell file and run the command "dir c:\" in the shell. The %5c expression that is in the URL request is a web server escape code which is used to represent normal characters. In this case %5c represents the character "\".

пробовал как написано не работает