vBulletin 5.6.1 SQL Injection tool

The access control in vBulletin versions below 5.6.1 are vulnerable to SQL injection as described in CVE-2020-12720. This tool has been used successfully on vBulletin version 5.6.1 on the Ubuntu Linux distribution.

vBulletin SQL injection tool

This tool uses the getIndexableContent vulnerability to reset the administrator’s password and it then uses the administrators login information to achieve remote code execution on the target.

sql injection code of the tool

Download this tool

Share this info: