The Inj3ct0r team has announced today that they breached both Macrumors and the official vBulletin website.
Macrumors is “home to one of the largest Mac-focused forum sites, with over 690,000 members and over 14,300,000 forum posts as of April 2012”.
They stated in a Facebook post they they got access to the database, shelled the server and rooted it. They were able to do all of this via a critical Zer0-Day vulnerability in vBullletin versions 4.x.x and 5.x.x.
The team also provided screenshots for proof of these claims.
Vbulletin Database access:
They are also offering the Zero-day to patch your forum on their website for 7,000 coins, or 7,000 US dollars, you can purchase it here.