Yes, setting up a target server such as Jade suggests would be fun. We could organize it as an informal contest ...
As far as the specific issue Jens raises, i.e. can you walk up the directory tree and get into areas you shouldn't be able to play in, there's no direct way to do this. However as noted the request processor is complex and complex code has a higher probability of being broken than simple code.