MyBB Admin Escalation Exploit 02-06-2013, 11:31 PM
#1
Posted on February 6, 2013
Affected URL: {$mybb->settings['bburl']}/merge/index.php
Exploit Type: Unauthenticated Execution
Versions Affected: Merge System <= 1.6.7, MyBB <= 1.6.9
Details:
The MyBB merge system asks for no authentication information when doing a merge, just the database information of the source. This is exploitable by merging a MyBB database with a known admin access userpass combo. This can easily be created by making a new vanilla MyBB board. The only requirement is that the database it’s on is accessible by the slave server. The best way to eliminate this exploit is to require some sort of userpass combination on the Merge system.
Exploit credits: Rallias/Nohbody
*He gave me permission to post this here*
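For defenders, a way to check web server logs for access to the affected URL: the script below is an added example, not part of the original post or of MyBB. It flags requests to `merge/index.php` from clients outside an admin allowlist; the log lines, IP addresses and allowlist are constructed, and the "combined" log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Feb/2013:23:01:12 +0000] "GET /forum/merge/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Feb/2013:23:05:40 +0000] "GET /forum/merge/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Feb/2013:23:06:02 +0000] "POST /forum/merge/index.php?x=1 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"
203.0.113.44 - - [06/Feb/2013:23:09:19 +0000] "GET /forum/MERGE/index.php HTTP/1.1" 404 312 "-" "curl/7.29"
203.0.113.44 - - [06/Feb/2013:23:09:25 +0000] "GET /forum/showthread.php?tid=merge/index.php HTTP/1.1" 200 9000 "-" "curl/7.29"
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def is_merge_request(target):
    """True if the request path (query string ignored) is merge/index.php."""
    path = unquote(target.split("?", 1)[0]).lower()
    path = re.sub(r"/{2,}", "/", path)  # collapse duplicate slashes
    return path.endswith("/merge/index.php")

def find_merge_access(log_text, admin_ips):
    """Map each non-allowlisted client IP to its merge-script requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        ip, when, method, target, status = m.groups()
        if ip not in admin_ips and is_merge_request(target):
            hits[ip].append((when, method, int(status)))
    return dict(hits)

def reached_script(hits):
    """IPs for which the server actually served the script (status < 400)."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(status < 400 for _, _, status in reqs))

if __name__ == "__main__":
    hits = find_merge_access(SAMPLE_LOG, admin_ips={"192.0.2.10"})
    for ip, reqs in hits.items():
        for when, method, status in reqs:
            print(f"{ip} {when} {method} -> {status}")
    print("served to non-admin clients:", reached_script(hits))
```

Any address returned by `reached_script` means the merge script is deployed and reachable without authentication from that client, so the users table should be reviewed for unexpected administrator accounts.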