lookiing at exploit-db (lol skiddy level stuff right here) there's a few exploits for smf > 1.1.20, one for smf 2 that exfiltrates memory
independent testing suggests these don't work however.
the million dollar question: how does bloxcity keep getting into accounts