Filter by tag: mybb

MyBB <= 1.8.20: From Stored XSS to RCE

14 min read 11 Jun 2019 by Simon Scannell
This blog post shows how an attacker can take over any board hosted with MyBB prior to version 1.8.21 by sending a malicious private message to an administrator or by creating a malicious post. We use a chain of two security vulnerabilities detected in the code.