Let me first tell you a story: I'm on a message board run by Vbulletin, and me and my friend discovered a hidden forum... after posting a little while, we found out we could post anything we wanted there, and nobody would see it (it wasn't even in our latest posts, etc.). I got bored with the fact that there was a 30 second spam protection, and it took me a while to get more posts.
So I started writing a little script that had a variable with some text in it, scrambled the text to make some random crap out of those words, put it into a form with the exact names of the forms for posting replies in Vbulletin. I was surprised to see that it actually worked. After some more scripting (this is all basic PHP) I found a way to automaticly send the forms when the page loads, and refresh it after 30 seconds to post another post 'o crap.
All good and well, but I'm not a spammer: I was more excited about the fact that it works rather than the fact that I could get more posts.
Then I came on a messageboard that has PHPBB2, and I decided to test it out. All I had to do was change some variables names and voila, a spam machine for PHPBB2.
What I'm trying to say is.. this isn't very thoughtful and I was shocked there wasn't protection for this in PHPBB, nor VBulletin. Anybody, even me, can make a spam page for any forum.
This can be avoided easily, just by checking the referer page on the posting.php page.
If you want I can give you the script.. but I don't feel that it's necesary, nor safe to display it on these boards.
Thanks for your time,
edit: don't get me wrong, I'm not using this for bad (spamming). I just wanted to test if it worked