NTFS Alternate Data Stream vulnerability leaks webctrl.ini content
With Windows NTFS, appending "::$DATA" to a filename is an alternate name for accessing a file's contents (data).
This can be used in the Synchronet web server to defeat filename security checks, e.g. http://vert.synchro.net/members/webctrl.ini - fails with the expected error "403 Forbidden" while http://vert.synchro.net/members/webctrl.ini::$DATA - returns the contents of the sysop's members/webctrl.ini file
There are likely other instances of this type of vulnerability in the web server, so I wanted to have a discussion around a more wholistic solution than simply addressing this one-off example (which would require only a trivial change to websrvr.c).