myBB Shell Upload Vulnerability (works on all versions)

What do you need:

• Modified myBB skin xml
• A working shell
• Common Sense

Steps on how to get this working:

• To start out we are going to head on over to the admincp, there is usually a link to it at the top of the page. Once logged in, you will see a tab labled Styles and Templates or something close to that. Now import a new theme (the modified xml linked above). 

 

 

 Now head over to the board index, at the top you will see at nice little upload shell. Now if you want to be sneeky about this, I suggest not setting the theme as the overall default but just make it the default for your account.

• Ok so we have an up load, now what. Click browse and look for your shell. to the right of the browse button, you will see newfile.php, change this to read ./upload/SHELLNAME.php this is important that you write it this way. Any readable dir will work. I just choose upload for demonstrational purposes.
• Now navigate to where you uploaded the shell (site.com/upload/shell.php)

And there you go fully working shell that bypasses regex security on myBB. I really wish I could have held onto this longer, but what can you do. HAPPY HACKING!