source: https://www.securityfocus.com/bid/24345/info ASP Folder Gallery is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the affected webserver. http://www.example.com/aspfoldergallery/download_script.asp?file=viewimage.asp