目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2025-48828 PoC — Internet Brands vBulletin 安全漏洞

来源
https://github.com/ill-deed/vBulletin-CVE-2025-48828-Multi-target
关联漏洞
标题:Internet Brands vBulletin 安全漏洞 (CVE-2025-48828)
Description:Internet Brands vBulletin是Internet Brands公司的一个论坛插件。 Internet Brands vBulletin存在安全漏洞,该漏洞源于模板条件可能被滥用执行任意PHP代码。
Description
Batch RCE scanner for vulnerable vBulletin instances using replaceAdTemplate exploit.
介绍
# 💥 vBulletin Remote Code Execution Scanner (replaceAdTemplate)

This Python tool automates the detection of **unauthenticated RCE** vulnerabilities in **vBulletin** via the `replaceAdTemplate` exploit vector. Based on the original proof-of-concept by **EgiX**, this version supports **batch scanning**, **multithreading**, and logs confirmed vulnerable targets to `vuln.txt`.

## 🔥 Vulnerability Details

- **Exploit Name**: `replaceAdTemplate` RCE
- **CVE**: CVE-2025-48828
- **Affected**: Vulnerable versions of vBulletin using the `ajax/api/ad/replaceAdTemplate` route
- **Impact**: Remote Code Execution (unauthenticated)

## ⚙️ Features

- 🧠 Automatic command execution (`id`) to confirm RCE
- 🔎 Batch scan from a file (`targets.txt`)
- ⚡ Fast, multi-threaded scanner
- 🧾 Logs vulnerable targets and their output to `vuln.txt`
- 💬 Clean, modular codebase

## 📦 Requirements

- Python 3.x
- `requests` module

Install dependencies (if not already installed):

```bash
pip install requests
```

## 📂 Usage

1. Prepare your target list
Create a file named targets.txt and add one target URL per line:
```
http://example.com/vb/
https://target.net/forum/
192.168.1.100:8080/vb/
```

2. Run the scanner:
```
python3 scanner.py
```

3. Check vuln.txt for results:
```
http://victim.com/vb | uid=33(www-data) gid=33(www-data) groups=33(www-data)
```

## ⚙️ Configuration

You can change these settings in the script:

COMMAND: Shell command to execute (default: id)

EXPECTED_OUTPUT: Expected substring to confirm execution (default: uid=)

THREADS: Number of concurrent scans (default: 20)

TARGET_FILE: Input file of domains (default: targets.txt)

OUTPUT_FILE: Output log file (default: vuln.txt)


## ⚠️ Disclaimer

This code is provided for educational and authorized security testing purposes only. Unauthorized use against systems without permission is illegal. The author and contributors are not responsible for misuse or damage caused by this software.

## 🙏 Credits

Original exploit author: EgiX

Python adaptation & batch scanner: ill deed


## 📄 License

MIT License – use responsibly.
文件快照

 [4.0K]  /data/pocs/37f0c8e2593973681d86a20240f2646a62490753
├── [1.0K]  LICENSE
├── [2.1K]  README.md
└── [2.3K]  scanner.py

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。