Share
## https://sploitus.com/exploit?id=PACKETSTORM:226151
# Exploit Title: EZ Game Booster v1.0.0 - Cleartext Credentials in user.config
    # Date: 2026-07-16
    # Exploit Author: Alireza Chegini
    # Vendor Homepage: https://ezsystemrepairs.com
    # Software Link: https://ezsystemrepairs.com (Free version available)
    # Version: 1.0.0 (v2.0 exists but not tested - paid license required)
    # Tested on: Windows 10 / Windows 11
    # CVE: Pending
    ============================================================
    
    1. Description
       EZ Game Booster v1.0.0 stores user credentials (username, password,
       email, licenseKey) in plaintext within a .NET user.config file.
       This is a CWE-312 vulnerability allowing local credential theft.
    
    2. Affected File Path
       C:\Users\%USERNAME%\AppData\Local\ezgamebooster\
       ezgamebooster_Url_fgj2qz5coiw33xftcp3agaqkgxc51bkk\1.0.0.0\user.config
    
    3. Exposed Fields (stored in cleartext)
       - username
       - password
       - email
       - fullname
       - licenseKey
       - machineCode
    
    4. Sample user.config Structure
    The following is the exact content of the user.config file found on
    the researcher’s system:
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
    <userSettings>
    <ezgamebooster.My.MySettings>
    <setting name="username" serializeAs="String">
    <value>nimaarek</value>
    </setting>
    <setting name="password" serializeAs="String">
    <value>CanYouSeeMyPassword?!</value>
    </setting>
    <setting name="machineCode" serializeAs="String">
    <value>N414NBC****BDBMB</value>
    </setting>
    <setting name="role" serializeAs="String">
    <value>Free</value>
    </setting>
    <setting name="active" serializeAs="String">
    <value>2026-07-15 16:38:52</value>
    </setting>
    <setting name="created_at" serializeAs="String">
    <value>2026-07-15 16:38:52</value>
    </setting>
    <setting name="email" serializeAs="String">
    <value>nim44r3k@gmail.com</value>
    </setting>
    <setting name="fullname" serializeAs="String">
    <value>AliReza Chegini</value>
    </setting>
    <setting name="subinfo" serializeAs="String">
    <value>Basic</value>
    </setting>
    <setting name="usernameChanged" serializeAs="String">
    <value>True</value>
    </setting>
    <setting name="rememberMe" serializeAs="String">
    <value>True</value>
    </setting>
    <setting name="licenseKey" serializeAs="String">
    <value>A325-****-B084-****</value>
    </setting>
    <setting name="isLoggedIn" serializeAs="String">
    <value>False</value>
    </setting>
    </ezgamebooster.My.MySettings>
    </userSettings>
    </configuration>
    
    5. Impact
       - Credential theft via local file read
       - Credential stuffing attacks on other platforms
       - License key theft for unauthorized activation
    
    6. Steps to Reproduce
       a. Install and run EZ Game Booster v1.0.0
       b. Create an account or log in
       c. Browse to: %LOCALAPPDATA%\ezgamebooster\
          ezgamebooster_Url_fgj2qz5coiw33xftcp3agaqkgxc51bkk\1.0.0.0\
       d. Open user.config with Notepad
       e. Observe plaintext password, email, and licenseKey
    
    7. Remediation
       Encrypt sensitive data using DPAPI before serialization.
       Use Windows Credential Manager for credential storage.
    
    8. Author's Note on Discovery
       "I discovered this while uninstalling the software and checking for
       leftover files. I was not performing any targeted security research
       at the time β€” I simply found my credentials in plaintext by accident."
    
    
    Best regards,
    AliReza Chegini - nimaarek
    nim44r3k@gmail.com - priv8@tuta.io