CVE-2006-2908

MyBulletinBoard 1.1.2 - Remote Code Execution via Username Field Preg Replace

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2908. PoCs published by Javier Olascoaga.

AI-analyzed exploit summary This exploit targets a command injection vulnerability in MyBB by creating a malicious user with a username containing a system command. It then logs in as this user and executes arbitrary commands via HTTP headers.

Description

The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Javier Olascoaga · perlwebappsphp

https://www.exploit-db.com/exploits/1909

View Code ZIP pw:eip

This exploit targets a command injection vulnerability in MyBB by creating a malicious user with a username containing a system command. It then logs in as this user and executes arbitrary commands via HTTP headers.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MyBB (version not specified, likely pre-2006)

Auth required

Prerequisites: Valid MyBB installation with registration enabled · Admin username length >= 28 characters · Ability to create a user account

MITRE ATT&CK