Hi I informed isc.sans.org about this on saturday morning but they failed to explicitly mention that it wasn't only phpBB related However setting register_globals to Off doesn't protect you completly The script could be modified to use fopen to download the "sploit" http://www.php-space.info/webmaster-news-3.php There is some "less heavy" exploiting in the wild seen using this -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
