Exploiting

I want to get access to one site, and i found the way to read all files from that site, and i found some very interesting php file!

This is pics of that php file

http://www.freewebtown.com/mefisto/file.jpg

The problem is I can only list folder "downloads", if i try to go up one directory to list the home folder i get errror message "Illegal path specified, ignoring"

the url looks like http://site.com/folder1/file.php?path=

i tried everything

http://site.com/folder1/file.php?path=../ http://site.com/folder1/file.php?path=../somefolder/ http://site.com/folder1/file.php?path=..../

i forget how you can list directories from the url, i tried something like this

http://site.com/folder1/file.php?path=|ls -la|

and some other things but with no lucky!

btw this is the source code of that php file, and if you have time to look and tell me is this file exploitable, i`m sure it is!?

http://www.freewebtown.com/mefisto/file.txt

the url looks like http://site.com/folder1/file.php?path=

try http://site.com/folder1/file.php?path=abcd

If you get error:

Warning: main() [function.include]: Failed opening 'abcd' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in

Then it is vuln. If you don't get the function.include error, then it's not.

i`m getting only this message

abcd is not a subdirectory of the current directory.

i can send you site address if you want to check!?