You really can't upload an entire directory using the standard HTML form tools. They only permit a single file to be sent, as you have observed. There are alternatives, though:

• Ask that the user ZIP the files together first, and your CGI can un-ZIP this archive on the other end. This way you can send as many files as you want in one go, plus they're compressed to speed up transfers.
• Write a Java application which asks for permission to read files from disk, so that it can forward them to your CGI application using HTTP, but the transfer is done by the Java application and not by the browser.

Netscape and Internet Explorer, for example, are not designed to allow this kind of access to the user's computer. JavaScript can be dangerous enough, and it's pretty crippled with the level of access it has to your computer.

There was an "attack" you could do with an auto-submitting form that had a file-upload select which had a value set to something like your Netscape 'preferences.js' file, such as "C:\Program Files\Netscape\Users\default\preferences.js", so they could presumably steal passwords and what have you. It depended on you having your files in the default installation directory.