Oh, okay, well as a security guy, the first thing I note in your complex scenario is that the admin is running software (in this case his browser) with a priveleged account on the same server that the BBS is running on.

No, that wasn't what I was saying. He does not need to be running the browser on the server at all.

Once my script is running in his browser on his local machine I can probably then access most of the features of the bbs that he has access to. At this point my script probably only has to do enough to grant my account admin rights and then me do the rest of the comfort of my own machine.

I have achieved attacks like this on software before, where the browser is running on the admin's local machine and IE is at the default security levels.