CVE-2022-24734 PoC — MyBB Code Injection Vulnerability

Source
Associated Vulnerability
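Title: MyBB Code Injection Vulnerability (CVE-2022-24734)
Description: MyBB (MyBulletinBoard) is a free, web-based forum software package developed by the MyBB team using PHP and MySQL. The software is easy to use, supports multiple languages, and is extensible. MyBB has a security vulnerability: the settings management module of the Admin CP fails to properly validate setting types on insertion and update, which leads to a remote code execution (RCE) vulnerability.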
Description
MyBB 1.8.29 - Remote Code Execution
Readme
# mybb-CVE-2022-24734
MyBB 1.8.29 - Remote Code Execution
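````
git clone https://github.com/lavclash75/mybb-CVE-2022-24734.git
cd "mybb-CVE-2022-24734"
# Stop and remove any earlier instance of this compose project
docker-compose down
# The next three commands are host-wide, not limited to this project:
# prune all unused images, stopped containers, networks and build cache,
# then force-remove every container and delete every volume on the host
docker system prune -a
docker rm -f $(docker ps -a -q)
docker volume rm $(docker volume ls -q)
# Start the lab environment in the background
docker-compose up -d
````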
File Snapshot

````
[4.0K] /data/pocs/f39de8a93e7ac06efa898a3008a5181bc92d1f15
├── [ 503] docker-compose.yml
├── [4.1K] exploit.py
├── [4.0K] nginx
│   └── [ 693] default.conf
└── [ 293] README.md

1 directory, 4 files
````