Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-48827 PoC — Internet Brands vBulletin 安全漏洞

Source
https://github.com/SystemVll/CVE-2025-48827
Associated Vulnerability
Title:Internet Brands vBulletin 安全漏洞 (CVE-2025-48827)
Description:vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025.
Description
This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely.
Readme
# CVE-2025-48827 - vBulletin Authentication Bypass Exploit

## Overview
This repository contains a proof-of-concept exploit for CVE-2025-48827, a critical authentication bypass vulnerability affecting vBulletin 5.0.0–5.7.5 and 6.0.0–6.0.3 when running on PHP 8.1 or later. The vulnerability allows unauthenticated attackers to invoke protected API methods remotely, potentially leading to remote code execution and full system compromise.

- **Author:** pszyszkowski
- **Severity:** Critical
- **CVE:** [CVE-2025-48827](https://nvd.nist.gov/vuln/detail/CVE-2025-48827)
- **References:**
  - https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

## Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary system commands as the web server user, resulting in full system compromise.

## Requirements
- Python 3.7+
- `requests` library
- `colored` library
- `pyfiglet` library

Install dependencies:
```bash
pip install requests colored pyfiglet
```

## Usage
Prepare a text file (e.g., `targets.txt`) with one target URL per line:
```
http://example.com
https://forum.example.org
```

Run the exploit:
```bash
python main.py targets.txt
```

Optional: Set a custom timeout (default is 10 seconds):
```bash
python main.py targets.txt --timeout 20
```

## How It Works
- Checks if the target is running vBulletin by looking for common indicators.
- Sends a crafted unauthenticated request to `/ajax/api/ad/wrapAdTemplate`.
- Confirms exploitation by checking for specific patterns in the JSON response.
- Reports vulnerable targets and provides remediation advice.

## Remediation
- Upgrade to vBulletin 6.0.4+ before upgrading to PHP 8.1.
- Apply the latest security patches.

## Disclaimer
This tool is for educational and authorized security testing purposes only. Do not use against systems without explicit permission.
File Snapshot

 [4.0K]  /data/pocs/e3a75daa820b393d7d494eb36f0f5c73d86c33a4
├── [ 11K]  main.py
├── [ 230]  pyproject.toml
├── [1.8K]  README.md
└── [9.5K]  uv.lock

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →