How to attack:

http://www.youtube.com/watch?v=0W8KWdiHzCI&feature=player_embedded

How to Fix ?

+ First solution:
Rename admincp dir. This is simple solution. However, when used in this way, will be some mod is not working or error.
In another case, if you have sub forum Admin, when you change the AdminCP dir, you must inform them of this. => They still know where is admincp folder.

+ Second solution:
Use this add on :)

https://vborg.vbsupport.ru/external/2012/12/22.png

Options:
https://vborg.vbsupport.ru/external/2012/12/23.png


Applies to all vbulletin versions

Change log:
v1.2: Fix some issue if admincp folder name has special char
v1.1: Fix loop error + Add some options

Source:
vt.Lai VBB Anti CSRF 1.0 (http://sinhvienit.net/@forum/threads/232980-vt-lai-vbb-anti-csrf-1-0-chong-tan-cong-csrf-vao-admincp-vbulletin/)
vt.Lai VBB Anti CSRF 1.1 (http://sinhvienit.net/@forum/threads/232989-vt-lai-vbb-anti-csrf-1-1-chong-tan-cong-csrf-vao-admincp-vbulletin/)
vt.Lai VBB Anti CSRF 1.2 (http://sinhvienit.net/@forum/threads/233289-vt-lai-vbb-anti-csrf-1-2-chong-tan-cong-csrf-vao-admincp-vbulletin/)

I don't take chance so installed thanks for predicting this loop whole mate :)