Hmm, seems as though their BBS was running a different BBS software, but it was based on PHP as this one is. It would be nice to know if it was a PHP exploit or an exploit in their vBulletin software.