NASA has it, the FBI has it, most govt agencies/organizations have it, and DRDO also has it. What is it?
The above script will not work because the administrator at DRDO was smart enough to set REMOTE INCLUDE [something like that, I forgot the exact name] to DISALLOW in the Apache server configuration; that's why only scripts within the host directory will run.
If the above setting [remote include] had not been in place, another serious vulnerability would have been introduced: RFI [Remote File Inclusion].
From the above URLs it is pretty obvious that index.jsp's pg variable includes the local JSP page [awards.jsp/Director.jsp] in the frame, so if the remote include feature had been turned on, we could have uploaded a JSP shell script to our server and included it inside index.jsp,
so that it would get executed on DRDO's server and w00t, DRDO would have been r00t'ed.
This vulnerability was reported to keeda/null on 17-10-10.
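
On the defensive side, the include target should never be derived from the raw pg value. The following is an added example, not code from the site or from this post: it maps pg to a fixed allowlist and records why anything else was rejected. The `PageResolver` class, the `/WEB-INF/pages/` location and the `home.jsp` fallback are assumptions; only the two page names come from the URLs above.

```java
import java.util.Map;

/** Added example: maps the pg parameter to a fixed set of server-side pages. */
public final class PageResolver {
    // Keys are the pg values seen in the URLs above; the /WEB-INF/pages/
    // location and the home.jsp fallback are assumptions for this sketch.
    private static final Map<String, String> PAGES = Map.of(
        "awards.jsp", "/WEB-INF/pages/awards.jsp",
        "Director.jsp", "/WEB-INF/pages/Director.jsp");
    static final String FALLBACK = "/WEB-INF/pages/home.jsp";

    /** Result of a lookup: the path to include and, if rejected, why. */
    record Result(String path, String rejectReason) {
        boolean accepted() { return rejectReason == null; }
    }

    static Result resolve(String pg) {
        if (pg == null || pg.isEmpty()) return new Result(FALLBACK, "missing");
        String target = PAGES.get(pg);          // exact match only, no normalisation
        if (target != null) return new Result(target, null);
        return new Result(FALLBACK, classify(pg));
    }

    // The reason is only for the security log; the decision is the allowlist above.
    private static String classify(String pg) {
        if (pg.contains("://") || pg.startsWith("//")) return "remote-url";
        if (pg.contains("..") || pg.startsWith("/") || pg.contains("\\")) return "path-traversal";
        if (pg.contains("%") || pg.chars().anyMatch(c -> c < 0x20)) return "encoded-or-control";
        return "unknown-page";
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not values taken from the site.
        String[] samples = {"awards.jsp", "Director.jsp", "http://host.example/x.jsp",
                            "../WEB-INF/web.xml", "awards.jsp%00", "director.jsp", null};
        for (String pg : samples) {
            Result r = resolve(pg);
            System.out.printf("pg=%s -> include %s%s%n", pg, r.path(),
                r.accepted() ? "" : " [rejected: " + r.rejectReason() + "]");
        }
        // In index.jsp the resolved path would then be passed to
        // request.getRequestDispatcher(path).include(request, response).
    }
}
```

Because the user-supplied string is only ever used as a map key, a server-level remote-include setting stops being the last line of defence, and the rejection reasons give the log something to alert on.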