I find a bug in some versions of htmltonuke. servers with php-nuke installed are not vulnerables some versions of htmltonuke only have permisions to acces to html files, but if you tipe the script before a invalid html file, the script are executed. exploit: http://www.example.com/htmltonuke.php?filnavn=[SCRIPT]%20example.html