PsychoStats 3.0.6b and prior

[kefka <kefka () kevinbeardsucks com>]

newtheme variable only expects "sane" behaivor, no arguement or an 
arguement with any special character, etc.. will cause it to error and 
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php

$pathtohlstats/server.php?newcss=styles.css&newtheme=%00

Ex: Warning: Smarty error: unable to read resource: "server.html" in 
$pathtohlstats/includes/smarty/Smarty.class.php on line 1088


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/