EIP-2026-104006

This exploit demonstrates a path traversal vulnerability in nginx versions <= 0.6.36. It uses URL-encoded sequences (%5c%2e%2e) to traverse directories and access arbitrary files, such as system.ini, outside the web root.