CVE-2022-24734 PoC — MyBB Code Injection Vulnerability

Source
Associated Vulnerability
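Title: MyBB Code Injection Vulnerability (CVE-2022-24734)
Description: MyBB (MyBulletinBoard) is a free, web-based forum software package developed by the MyBB team using PHP and MySQL. It is easy to use, supports multiple languages, and is extensible. MyBB has a security vulnerability: the settings management module of the Admin CP does not properly validate setting types on insert and update, which leads to a remote code execution (RCE) vulnerability.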
Description
CVE-2022-24734 PoC
Readme
# CVE-2022-24734 PoC

An RCE can be obtained on MyBB's Admin CP in Configuration -> Add New Setting. The user must have rights to add or update settings. This was tested on [MyBB 1.8.29](https://github.com/mybb/mybb/releases/tag/mybb_1829).

![CVE gif](./CVE-2022-24734.gif)

## Sources:
- https://github.com/mybb/mybb/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24734
File Snapshot

[4.0K] /data/pocs/46fa4ec183275621d10abcad51a46d743fcd9162
├── [290K] CVE-2022-24734.gif
├── [3.4K] exploit.py
└── [ 385] README.md

0 directories, 3 files