Posted by Taoguang Chen on Nov 26

#MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code
Execution Vulnerability

Taoguang Chen <[ () chtg57](twitter.com/chtg57)> – 2014.11.21

##I. MyBB’s unset_globals() Function Bypass

When PHP’s register_globals configuration set on, MyBB will call
unset_globals() function, all global variables registered by PHP from
$_POST, $_GET, $_FILES, and $_COOKIE arrays will be destroyed.

“`…