A naively configured server can be too permissive about what files it returns. This may allow an hacker to access files that were never intended for public consumption. Let's see how.