I have come across a "hack" that was done to a bulletin board (very recently),
that scares the bejeezus out of me.

I can see this happening pretty much on any bulletin board which uses any form of "sql" database.

In this specific case, they logged in, changed their session ID to "1", refreshed the page, then wreaked havoc all over the site.

I have the specific code used to perform this hack,
but do not want to merely display it here (for obvious reasons).

Who/How can I discuss this and what can/should I do to prevent it from happening on my site?

First make sure you are updated with the latest vbulletin and turn off the plugin system. This should help stop any breaches of security.

Report the bug to vbulletin.com, I think they use their project management tool to do this now.

Hope this helps

Heh, if only it was that easy to hack a board...

I can see this happening pretty much on any bulletin board which uses any form of "sql" database.

Umm thats kind of hard to belieave, But contact jelsoft(support ticket) to see what they say :D