Hacking phpBB with SQL injection? Not likely. Even if it was vulnerable, do you know the name of the table the information is kept in? Do you know the column where the usernames and passwords are kept?

Well, suppose you did get the table, although that's unlikely. What if the information in it is encrypted? Do you know what encryption it is? Wanna spend a few centruies brute forcing all the possible encryption methods of the passwords and usernames?

There are many measures websites take to prevent SQL injections. The easiest is preventing the passing on of "illegal words and symbols" to the SQL query. A simple script can block words such as 'select' 'from' and symbols like '=' and '&' from being processed by the server.