That's a better start. Now we (believers and unbelievers) can narrow the bug hunt.
I'm just a bit confused. I thought adding an image banner to overall header is just adding an <IMG SRC=""> that points to local image, right? Is phpbb do some image decoding when adidng tpl to the php page?
Or is it pointing to a shared ads/whatever from server generated image somewhere else? If so, then maybe the hacker is actually using that server image to insert some backdoor codes? Thus, they actually need to hack the image server first, then reapt the benefit (other sites) later?
Sorry for the (maybe) basic questions. I'm not that expert regarding these stuff.
Oops. Asked too soon. Thank's for the code comparison.