How to install vbulletin vulnerability scanner (scan vB site for exploitable vulnerabilities):

Login Linux (do not have? get a VPS or install it in Virtualbox) and go to directory where you want to store "vbscan" folder.

Then download vbscan:
git clone https://github.com/rezasp/vbscan.git

git not found? do "apt-get install git" or "yum install git"

Go to its directory:
cd vbscan

Run it:
./vbscan.pl http://yourvbulletinsite.tld

result (sample report):
Code:
# ./vbscan.pl https://domain.name

  _  _  ____  ___   ___    __    _  _
 ( \/ )(  _ \/ __) / __)  /__\  ( \( )
  \  /  ) _ <\__ \( (__  /(__)\  )  (
   \/  (____/(___/ \___)(__)(__)(_)\_)
                (1337.today)

    --=[OWASP VBScan
    +---++---==[Version : 0.1.7.1
    +---++---==[Update Date : [2016/10/21]
    +---++---==[Author : Mohammad Reza Espargham
    +---++---==[Website : www.reza.es
    --=[Code name : Larry Wall
     @OWASP_VBScan , @rezesp , @OWASP

Processing https://domain.name ...



[+] Detecting Vbulletin based Firewall
[++] No known firewall detected

[+] Detecting vBulletin Version
[++] vBulletin 4.2.1


[+] Core Vbulletin Vulnerability
[++] vBulletin CVE-2016-6483 Server Side Request Forgery Security Bypass Vulnerability
EDB : http://www.exploit-db.com/exploits/40225/
http://www.securityfocus.com/bid/92350
http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt



[+] vBulletin LICENSE Check
[++] vBulletin LICENSE file : https://domain.name/LICENSE


[+] Full Path Disclosure (FPD)
[++] Full Path Disclosure (FPD) in 'https://domain.name/forumdisplay.php?do[]=[test.dll]' : /home/username/public_html/includes/class_core.php


[+] Checking apache info/status files
[++] Readable info/status files are not found

[+] Checking admincp/modcp path
[++] admincp does not exist or renamed
[++] modcp Found
https://domain.name/modcp

[+] Checking upgrade.php to find admincp
[++] upgrade.php not found

[+] Checking validator.php
[++] validator.php is not found

[+] Checking robots.txt existing
[++] robots.txt is found
path : https://domain.name/robots.txt

Interesting path found from robots.txt
https://domain.name/install/
https://domain.name/profile.php
https://domain.name/register.php
https://domain.name/report.php
https://domain.name/


[+] Checking c99 xml shell in admincp/subscriptions.php
[++] c99 shell is found
 shell path : https://domain.name/admincp/subscriptions.php?do=api

[+] Finding common backup files name
[++] Backup file is found
Path : https://domain.name/upload.zip


[+] Finding common log files name
[++] error log is not found

[+] Checking config.php.x for disclure config file
[++] Readable config files are not found

[+] Checking faq.php RCE backdoor
[++] Remote Code Execute backdoor not found

[+] Checking vBSEO 3.x - LFI (Local File Inclusion) vulnerability
[++] vbseo.php LFI is not vulnerable

[+] Checking vBulletin vBExperience 3 'sortorder' Parameter Cross Site Scripting Vulnerability
[++] xperience.php not vulnerable

[+] Checking arcade.php SQLI Vulnerability
[++] arcade.php not found

[+] Checking vBulletin YUI 2.9.0 XSS
[++] uploader.swf is vulnerable
https://domain.name/clientscript/yui/uploader/assets/uploader.swf?allowedDomain=\"})))}catch(e){alert(/XSS/);}//
 POC : https://packetstormsecurity.com/files/124746/vBulletin-YUI-2.9.0-Cross-Site-Scripting.html

[+] Checking for html tags status
[++] HTML tag are Disable

[+] Checking Vbulletin 5.x - Remote Code Execution Exploit
[++] decodeArguments is not vulnerable


Your Report : reports/domain.name/
vbscan can not find vBulletin? Try to pause Cloudflare during the scan. Seems that CF blocks these scans, which is good.