CVE-2023-41362 – MyBB ACP RCE Exploit

Python, by Prapattimynk

In MyBB 1.8, templates consist of HTML code with basic references to PHP variables and are rendered by executing them as PHP code (eval()). The restriction to such basic references is enforced through regular-expression-based validation, performed when themes are imported and when individual templates are modified.

However, the validation process did not account for runtime errors in PHP's regular expression (PCRE) operations, which may occur, among other cases, when resource limits are exceeded while attempting to process specific content.

As a result of using loose comparisons (which allow type juggling) in connection with PHP functions whose return types may change depending on the error state, the returned values may have been misinterpreted as those indicating safe content:

  • preg_match(): integer 0 indicates no suspicious content; boolean false is returned on PCRE errors
  • preg_replace(): a string with all remaining expressions, interpreted as unsafe; null is returned on PCRE errors
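
The two misreadings listed above, shown as an added example that is not MyBB's code: a loose validator beside a fail-closed one, where only the strict form rejects content when PCRE reports an error. The patterns, function names and sample templates are hypothetical and constructed for illustration; invalid UTF-8 under the /u modifier stands in for the error state.

```php
<?php
// Hypothetical patterns for a toy template language; NOT MyBB's real ones.
const DENY    = '/<\?/u';                 // PHP open tag
const ALLOWED = '/\{\$\w+\}|[^{$]+/u';    // {$var} references and literal text

// Loose form: PCRE error values are juggled into "safe" results.
function template_is_safe_loose(string $tpl): bool
{
    // false == 0 is true, so a PCRE failure reads as "no match".
    if (preg_match(DENY, $tpl) != 0) {
        return false;
    }
    // null == '' is true, so a PCRE failure reads as "nothing left over".
    return preg_replace(ALLOWED, '', $tpl) == '';
}

// Strict form: only the exact success values count; errors fail closed.
function template_is_safe_strict(string $tpl): bool
{
    // Rejects both 1 (match) and false (PCRE error).
    if (preg_match(DENY, $tpl) !== 0) {
        return false;
    }
    // Rejects both leftover expressions and null (PCRE error).
    return preg_replace(ALLOWED, '', $tpl) === '';
}

// Constructed samples; the last one makes both PCRE calls fail
// (invalid UTF-8 with /u), which is a stand-in for any PCRE runtime error.
$samples = [
    'plain reference'     => '<b>{$username}</b>',
    'unsafe expression'   => '<b>${x}</b>',
    'unsafe + PCRE error' => '<b>${x}</b>' . "\xff",
];

foreach ($samples as $label => $tpl) {
    printf(
        "%-20s loose=%-5s strict=%-5s pcre_error=%d\n",
        $label,
        var_export(template_is_safe_loose($tpl), true),
        var_export(template_is_safe_strict($tpl), true),
        preg_last_error()   // state left by the last PCRE call above
    );
}
```

The first two samples get the same verdict from both validators; the third is accepted by the loose form and rejected by the strict one.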

