MyBB 1.8.25 – Chained Remote Command Execution Exploit

MyBB version 1.8.25 suffers from a chained remote command execution (RCE) flaw. Upgrade to version 1.8.26.
The MyBB Forum plugin Timeline version 1.0 is vulnerable to XSS (cross-site scripting) and CSRF (cross-site request forgery) attacks.
# Exploit Title: MyBB 1.8.17 – Cross-Site Scripting # Date: 2018-08-11 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://mybb.com/download/ # Version: 1.8.17 # Tested on: Ubuntu 18.04 # CVE: CVE-2018-15596 […]
# Exploit Title: MyBB New Threads Plugin – Cross-Site Scripting # Date: 7/16/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 # Version: 1.1 # Tested on: Ubuntu 18.04 # […]
# Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 – Cross-Site Scripting # Date: 5/25/2018 # Author: 0xB9 # Twitter: @0xB9Sec # Contact: 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 # Version: 1.0.2 # Tested on: Ubuntu […]
# Exploit Title: MyBB Admin Notes Plugin – CSRF # Date: 2018-05-14 # Author: 0xB9 # Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 # Version: 1.1 # Tested on: Ubuntu 18.04 # 1. Description: […]