The Inj3ct0r team has announced today that they breached both Macrumors and the official vBulletin website.
Macrumors is “home to one of the largest Mac-focused forum sites, with over 690,000 members and over 14,300,000 forum posts as of April 2012”.
They stated in a Facebook post that they gained access to the database, dropped a shell on the server, and gained root access. They were able to do all of this via a critical Zer0-Day vulnerability in VBulletin versions 4.x.x and 5.x.x.
The team also provided screenshots for proof of these claims.
Shell access:
Vbulletin Database access: