Proof of concept exploit for MyBB version 1.1.2 that makes use of a flaw where user input is not properly sanitized.
b97bc347ff4a06fe79245d24aa4d71f4ce12dfdd5a51353ada535d4a1c44b413
Secunia Research has discovered a vulnerability in MyBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the username field when registering is not properly sanitized before being used in a "preg_replace" call with the "e" modifier in the "domecode()" function in inc/functions_post.php. This can be exploited to execute arbitrary PHP code by first registering with a specially crafted username and then previewing a post containing the "/slap" string. The vulnerability has been confirmed in version 1.1.2. Prior versions may also be affected.
c59306225b180770f26b6156627ae47fc1bec7b713c1aec00ae29f93c21adac2
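The advisory's root cause, a stored username reaching a `preg_replace` replacement string that the "e" modifier evaluates as PHP, is removed by switching to `preg_replace_callback`. The sketch below is an added example, not MyBB's own code or its official patch; the function name `slap_mycode`, the pattern and the output wording are assumptions made for illustration.

```php
<?php
// Constructed stand-in for a "/slap" MyCode handler; NOT MyBB's domecode().
//
// Unsafe shape described by the advisory (comment only; the "e" modifier was
// deprecated in PHP 5.5 and removed in PHP 7.0):
//   preg_replace('#^/slap (\S+)#ie', "'* $username slaps ' . '\\1'", $message);
// With "e", the replacement string is evaluated as PHP code. The username is
// interpolated into that string first, so stored user input becomes code.

// Hypothetical hardened handler: user-controlled values are only ever data.
function slap_mycode(string $message, string $username): string
{
    // Encode the stored username for the HTML context it is printed in.
    $safeUser = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');

    $result = preg_replace_callback(
        '#^/slap (\S+)#im',
        // The callback receives the match as an array; nothing is evaluated.
        function (array $m) use ($safeUser): string {
            $target = htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8');
            return "* {$safeUser} slaps {$target} around a bit";
        },
        $message
    );

    // preg_replace_callback() returns null on a PCRE error; fall back to the
    // HTML-encoded original text rather than emitting an empty post.
    return $result ?? htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a username containing quote and "$" characters,
// which would be significant inside an evaluated replacement string.
$username = 'O\'Reilly "$x"';
echo slap_mycode("/slap admin", $username), PHP_EOL;
```

When auditing a legacy PHP code base for the same class of flaw, every `preg_replace` call whose pattern modifiers include `e` deserves review, with priority on those whose replacement string interpolates variables.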