===========================================================================
Author: PuN!Sh3r
Vulnerable Software: Maian Survey v 1.1
Official Site:http://www.maianscriptworld.co.uk/
===========================================================================
Vuln Desc:

1.Local File Inclusion:

Vuln  here : http://victim.tld/[PATH]/admin/index.php?cmd=LFİ_here


Where is the Vuln???
Let's look snippet code.
------------------------------------------------------------------
\\admin/index.php
===============================_-Snip-_=================================


$cmd = (isset($_GET['cmd']) ? $_GET['cmd'] : 'home');

include(PATH.'templates/'.$cmd.'.php');

===============================_-End Snipp-_===========================


2.Open Forward vuln:
Desc: We can Redirect users to another page(For Phising).

===============================_-Snip-_=================================

header("Location: ".REL_PATH."index.php?survey=".$_GET['preview']);

===============================_-End Snipp-_===========================




+++++++++My Special thanks to:++++++++++++++++

Anti-armenia.org & Anti-armenia Team

Greetz to My close friend ikus4 && All Azerbaijani blackhatzzz


Respect!!

./PuN!Sh3r