Yep! You accessed a private file of passwords. Path traversal is sometimes called a dot-dot-slash attack since "../" climbs server directories.
"../"
Isn't index.html a public file anyway?
index.html