MyBB Forum Patches Vulnerabilities That Allow Site Takeover (Jun 11, 2019)
Researchers at RIPS Technologies identified vulnerabilities in the MyBB forum software that allow remote code execution. By chaining a stored XSS vulnerability with a file write vulnerability to create a PHP backdoor, an attacker can gain access under any name; the researchers discovered they could upload a PHP shell to gain access to the server. To trigger the attack, a malicious message containing an XSS exploit is sent to an administrator; when the administrator opens it, the PHP backdoor is created, giving the attacker full access. After RIPS Technologies reported the vulnerabilities to MyBB, MyBB released a patch on June 10th fixing them.
Recommendation: Any site using MyBB should immediately download the new patched version, as not upgrading can allow attackers to gain complete control of the site and server.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.