Back to directory

WRITEUP #1655

MyBB <= 1.8.31: Remote Code Execution Chain

RCESQL injectionStored XSS

byAleksey Solovev

Program

MyBB

Published

Jan 25, 2023

Added to HackDex

Jan 26, 2023

Read Full Writeuphttps://swarm.ptsecurity.com/mybb-1-8-31-remote-code-execution-chain/

▸ RELATED WRITEUPS

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

SSD Advisory – SonicWall SMA100 Stored XSS To RCE

RCEOS command injection

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Built with ❤️ by Shubham Rawat