Discover how a critical Remote Code Execution vulnerability in vBulletin 6.0.1 allows unauthenticated attackers to execute PHP system functions using the exposed replaceAdTemplate method. Includes technical analysis and impact.

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A critical Remote Code Execution vulnerability in vBulletin 6.0.1 allows unauthenticated attackers to execute arbitrary PHP code through the replaceAdTemplate method. The flaw affects vBulletin versions 5.1.0, 5.7.5, 6.0.1, and 6.0.3 running on PHP 8.1+. Attackers can exploit this by sending malicious POST requests to /ajax/api/ad/replaceAdTemplate with crafted template parameters, potentially leading to full server compromise. The vulnerability stems from improper exposure of protected methods through the front-end API.

Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method

① Identify a Target (For Research Purposes Only)

② Monitor HTTP Requests Using Burp Suite