This Metasploit module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This Metasploit module uses the sqli to extract the web application's usernames and hashes. With the retrieved information tries to log into the admin control panel in order to deploy the PHP payload. This Metasploit module has been tested successfully on VBulletin Version 5.0.0 Beta 13 over an Ubuntu Linux distribution.
9d8efb0cad2d070a8f7a77f67fe384b7478ccfb79465861ec1f1764abe23a5f1