MyBB Heartbleed Exploit By E2MA3N

Iranian security researcher E2MA3N has made MyBB exploit program for Heartbleed vulnerability. E2MA3N in cooperation with Red Hat Hackers –  RHH – made a small program to use on vulnerability CVE-2014-0160.

Vulnerability CVE-2014-0160 or Heartbleed:

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

E2MA3N exploit program is bash code and used to extract cookie, password and email address from MyBB and output to text file for easy access. MyBB is a free PHP and MySQL based discussion system.

Leave a Reply

Your email address will not be published. Required fields are marked *