With register_globals enabled, an attacker can overwrite variables in a script simply by adding parameters to a request. PHP has disabled this feature by default since version 4.2.0, but some hosting servers still run old PHP versions, and some servers have register_globals enabled. When register_globals is enabled, PHP automatically creates variables in the global scope, and any value can be passed to these variables through GET, POST or COOKIE. Combined with the use of variables without initialisation, this may lead to numerous security vulnerabilities. Using register_globals makes the application vulnerable to malicious user input, so Beagle recommends using superglobals to access these variables. register_globals was removed in PHP version 5.4.0.
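The overwrite described above, next to the superglobal-based form, as an added example that is not Beagle's own code. extract() stands in for register_globals being enabled, and the function names, the authorized flag and the sample request are constructed for illustration; the request-supplied flag survives in the legacy function and is ignored in the hardened one.

```php
<?php
// Added illustration. legacy_check(), hardened_check() and the 'authorized'
// flag are hypothetical names; the request below is constructed sample data,
// equivalent to GET /page.php?authorized=1&user=guest.
$request = array('authorized' => '1', 'user' => 'guest');

// Audit step: ini_get() returns false on PHP >= 5.4, where the directive no
// longer exists, and a truthy string on an old server that has it switched on.
if (ini_get('register_globals')) {
    echo "register_globals is enabled on this server\n";
}

// Before: request parameters become variables, as register_globals did.
function legacy_check($request)
{
    extract($request); // stand-in for register_globals = On
    // Stand-in for a real credential check; it does not pass for 'guest'.
    if (isset($user) && $user === 'admin') {
        $authorized = true;
    }
    // $authorized was never initialised, so the value from the request survives.
    return !empty($authorized);
}

// After: initialise every variable and read input only from the superglobal.
function hardened_check($get)
{
    $authorized = false; // initialised, so nothing from the request can pre-set it
    $user = (isset($get['user']) && is_string($get['user'])) ? $get['user'] : '';
    if ($user === 'admin') {
        $authorized = true;
    }
    return $authorized;
}

// In a real script the argument to hardened_check() would be $_GET.
echo 'legacy:   ', var_export(legacy_check($request), true), "\n";
echo 'hardened: ', var_export(hardened_check($request), true), "\n";
```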
The attacker uses a .htaccess file to hide malware and redirect search engines to their own malicious page.
Beagle recommends the following fixes: