source: https://www.securityfocus.com/bid/6055/info
A vulnerability exists in Mailreader.com which may enable remote attackers to disclose the contents of arbitrary webserver readable files. An attacker may exploit this issue by submitting a malicious web request containing dot-dot-slash (../) directory traversal sequences. The request must be for a known resource, and the file request must be appended by a null byte (%00).
http://www.example.com/cgi-bin/mail/nph-mr.cgi?do=loginhelp&configLanguage=../../../../../../../etc/passwd%00
