Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48827 PoC — Internet Brands vBulletin 安全漏洞

Source
https://github.com/SystemVll/CVE-2025-48827
Associated Vulnerability
Title:Internet Brands vBulletin 安全漏洞 (CVE-2025-48827)
Description:Internet Brands vBulletin是Internet Brands公司的一个论坛插件。 Internet Brands vBulletin 5.0.0至5.7.5版本和6.0.0至6.0.3版本存在安全漏洞,该漏洞源于未经身份验证的用户可能调用受保护的API控制器方法。
Description
This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely.
Readme
# CVE-2025-48827 - vBulletin Authentication Bypass Exploit

## Overview
This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely, potentially leading to remote code execution and full system compromise.

- **Author:** pszyszkowski
- **Severity:** Critical
- **CVE:** [CVE-2025-48827](https://nvd.nist.gov/vuln/detail/CVE-2025-48827)
- **References:**
  - https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

## Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary system commands as the web server user, resulting in full system compromise.

## Requirements
- Python 3.7+
- `requests` library
- `colored` library
- `pyfiglet` library

Install dependencies:
```bash
pip install requests colored pyfiglet
```

## Usage
Prepare a text file (e.g., `targets.txt`) with one target URL per line:
```
http://example.com
https://forum.example.org
```

Run the exploit:
```bash
python main.py targets.txt
```

Optional: Set a custom timeout (default is 10 seconds):
```bash
python main.py targets.txt --timeout 20
```

## How It Works
- Checks if the target is running vBulletin by looking for common indicators.
- Sends a crafted unauthenticated request to `/ajax/api/ad/wrapAdTemplate`.
- Confirms exploitation by checking for specific patterns in the JSON response.
- Reports vulnerable targets and provides remediation advice.

## Remediation
- Upgrade to vBulletin 6.0.4+ before upgrading to PHP 8.1.
- Apply the latest security patches.

## Disclaimer
This tool is for educational and authorized security testing purposes only. Do not use against systems without explicit permission.
File Snapshot

 [4.0K]  /data/pocs/e3a75daa820b393d7d494eb36f0f5c73d86c33a4
├── [ 11K]  main.py
├── [ 230]  pyproject.toml
├── [1.8K]  README.md
└── [9.5K]  uv.lock

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.