vbulletin 4.0.2 bug?


snilabs
02-19-2010, 07:10 AM
I recently saw the vBulletin 4.0.1 remote SQL injection exploit. I tested my site and it is vuln; I upgraded to 4.0.2 and it is VULN again.

Any idea?

The code says:
# vBulletin. Version 4.0.1 Remote SQL Injection Exploit (coded 18/02/2010 and public)

[~] PREPARE TO CONNECT...
[+] CONNECTED
[~] SENDING QUERY...
[+] DONE!

Password is: XXXXXXXXXXXXXXX and I see the admin's password

Question: it is tested on versions 4.0.0, 4.0.1 and works, but I upgraded to 4.0.2 and it is vuln again.

Can you help me fix it? :confused:

greetz

Paul M
02-19-2010, 11:29 AM
The only supposed exploit I've come across (for misc.php) is a complete hoax, written at least four years ago for another forum software. If you believe you have a different one, then you should raise a ticket on vbulletin.com; there is nothing that can be done on this site.