post-discovery in web vulnerability

[davemitch () mailinator com]

hi all,
on using a vulnerability scanner for web applications (wapiti) on an internal website, the output is a list of attack 
URLs ,like the one below

hxxp://192.168.x.y*/pages/abstract.asp?paperid=..%2F..%2F..%2F..%2F..%2F..%2 F..%2F..%2F..%2F..%2Fboot.ini

On pasting the URL in a browser, the error message is like this

__________________________________________________ 

Microsoft VBScript runtime error '800a000d' 

Type mismatch: '[string: "¿'"("]' 

E:\INETPUB\VHOSTS\****.***.***\HTTPDOCS\WEBROOT\PA GES\../includes/toplinks-archive-courses-spas.asp, line 1
__________________________________________________ __________________________________________________ 

What needs to be done next, to exploit the vulnerability detected by the vulnerability scanner -wapiti ?
Any ideas or suggestions in this regard are welcome.

thankx

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------