SQL Injection has been here for years... and many websites now protect themselves from the sql injection. For php it's enough easy to fix, and as the ASC forum is a complete script (made by a company) I'm almost sure that this has been fixed, or at least very hard to execute.
Anyway, for the "virus" part... many web servers are running on linux, and virus aren't aiming at linux. If they manage to enter 1 server, maybe they could try to install theses "viruses" on computers with internetexplorer/firefox but the user will get a question if he wants to install it...
The only scaring thing on this is because all our passwords stored here can be retreived. However... password here are not plain text, nor crypted. They're hashed so impossible to decrypt. The only method you can use to crack hashed passwords is bruteforcing.
Bruteforcing is not something easy to do if you have a long password (can take up to years for 10-12+ chars password).
Hope some of you are going to sleep a bit better lol
TM M3 Shorty
KJW Beretta M9