There is a bug in Expressions server where you can view any file on the drive that the server is installed on by using simple ../../ Example: If eshare server Is installed at: C:\eshare\expressions And lets say this is an NT4.0 machine with os installed in c:\winnt It is possible to pull win.ini file from winnt directory using Proto://domainname.com/../../../../../winnt/win.ini Any file can be viewed in the manner.
