This Metasploit module exploits a SQL injection vulnerability found in vBulletin versions 5.6.1 and below. This module uses the getIndexableContent vulnerability to reset the administrator's password and it then uses the administrators login information to achieve remote code execution on the target. This module has been tested successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.
ab383c3c011e7017caccbf3f14a2893505f109f7315cb558a626bdfe3e283ccb
vBulletin version 5.6.1 suffers from a remote SQL injection vulnerability.
e9bdd1a9c7ac4c698df1254cb099a495abfb2879f7affcf386aead86ed8ab655