Again bad permissions, the user should not have write ability to anything outside of their home dir
And again it is not "bad permissions". I would like for you to explain to me how you think a web site works. You cannot set read permissions on all folders even though you might think so. Iin this "exploit" you are viewing the ROOTDIRs of peoples webpages. And a read permission on one of those folders will result in the inability to view that web page. There would be no point in trying to fix this "exploit" by changing the "bad permissions" for you will be doing more harm then the "exploit" it self.